Search CVE reports
1 – 10 of 36990 results
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar...
1 affected package
busybox
| Package | 20.04 LTS |
|---|---|
| busybox | Needs evaluation |
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the...
1 affected package
busybox
| Package | 20.04 LTS |
|---|---|
| busybox | Needs evaluation |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or...
1 affected package
python-cryptography
| Package | 20.04 LTS |
|---|---|
| python-cryptography | Needs evaluation |
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Not affected |
| pillow-python2 | Not affected |
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution...
2 affected packages
kanboard-cli, python-kanboard
| Package | 20.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit...
1 affected package
node-qs
| Package | 20.04 LTS |
|---|---|
| node-qs | Needs evaluation |
[Unknown description]
2 affected packages
libsoup2.4, libsoup3
| Package | 20.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | — |
[ICO import integer overflow bypass leads to heap buffer overflow]
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
[GIMP PSP File Parsing Integer Overflow Leading to Heap Corruption]
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Not affected |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |