Search CVE reports
1671 – 1680 of 42871 results
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into...
1 affected package
codeblocks
| Package | 18.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
# Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three...
1 affected package
rails
| Package | 18.04 LTS |
|---|---|
| rails | Needs evaluation |
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular...
1 affected package
mediawiki
| Package | 18.04 LTS |
|---|---|
| mediawiki | Needs evaluation |
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.
1 affected package
python-geopandas
| Package | 18.04 LTS |
|---|---|
| python-geopandas | Not affected |
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and...
1 affected package
salt
| Package | 18.04 LTS |
|---|---|
| salt | Not affected |
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
1 affected package
salt
| Package | 18.04 LTS |
|---|---|
| salt | Not affected |
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service
1 affected package
openvpn
| Package | 18.04 LTS |
|---|---|
| openvpn | Not affected |
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by...
1 affected package
undertow
| Package | 18.04 LTS |
|---|---|
| undertow | Needs evaluation |
Some fixes available 2 of 13
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
23 affected packages
expat, coin3, apache2, apr-util, cmake...
| Package | 18.04 LTS |
|---|---|
| expat | Fixed |
| coin3 | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Needs evaluation |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Needs evaluation |
| ayttm | — |
| cableswig | — |
| matanza | Needs evaluation |
| tdom | Needs evaluation |
| vtk | — |
| smart | Needs evaluation |
| firefox | — |
| thunderbird | — |
| libxmltok | Fixed |
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab...
1 affected package
gradle
| Package | 18.04 LTS |
|---|---|
| gradle | Needs evaluation |