Search CVE reports
421 – 430 of 37876 results
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]),...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Needs evaluation |
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In...
1 affected package
capnproto
| Package | 20.04 LTS |
|---|---|
| capnproto | Needs evaluation |
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could...
1 affected package
capnproto
| Package | 20.04 LTS |
|---|---|
| capnproto | Needs evaluation |
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
2 affected packages
sqlite, sqlite3
| Package | 20.04 LTS |
|---|---|
| sqlite | Not affected |
| sqlite3 | Not affected |
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential...
1 affected package
node-flatted
| Package | 20.04 LTS |
|---|---|
| node-flatted | Needs evaluation |
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting...
1 affected package
magic-wormhole
| Package | 20.04 LTS |
|---|---|
| magic-wormhole | Needs evaluation |
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 20.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Some fixes available 1 of 2
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The...
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This...
2 affected packages
libsoup2.4, libsoup3
| Package | 20.04 LTS |
|---|---|
| libsoup2.4 | Vulnerable |
| libsoup3 | — |