Search CVE reports
421 – 430 of 37102 results
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular...
1 affected package
mediawiki
| Package | 20.04 LTS |
|---|---|
| mediawiki | Needs evaluation |
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.
1 affected package
python-geopandas
| Package | 20.04 LTS |
|---|---|
| python-geopandas | Needs evaluation |
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Not affected |
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by...
1 affected package
undertow
| Package | 20.04 LTS |
|---|---|
| undertow | Needs evaluation |
Some fixes available 2 of 9
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
23 affected packages
expat, coin3, apache2, apr-util, cmake...
| Package | 20.04 LTS |
|---|---|
| expat | Fixed |
| coin3 | Not affected |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | — |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | — |
| cableswig | — |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | — |
| smart | — |
| firefox | — |
| thunderbird | — |
| libxmltok | Fixed |
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab...
1 affected package
gradle
| Package | 20.04 LTS |
|---|---|
| gradle | Needs evaluation |
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a...
1 affected package
tcpflow
| Package | 20.04 LTS |
|---|---|
| tcpflow | Needs evaluation |
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from...
1 affected package
alsa-lib
| Package | 20.04 LTS |
|---|---|
| alsa-lib | Needs evaluation |
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows....
1 affected package
icinga2
| Package | 20.04 LTS |
|---|---|
| icinga2 | Needs evaluation |
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper...
1 affected package
cacti
| Package | 20.04 LTS |
|---|---|
| cacti | Needs evaluation |