Search CVE reports
21 – 30 of 34920 results
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information...
1 affected package
libvirt
| Package | 20.04 LTS |
|---|---|
| libvirt | Needs evaluation |
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool...
1 affected package
radare2
| Package | 20.04 LTS |
|---|---|
| radare2 | Needs evaluation |
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.
1 affected package
radare2
| Package | 20.04 LTS |
|---|---|
| radare2 | Needs evaluation |
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an...
1 affected package
node-nodemailer
| Package | 20.04 LTS |
|---|---|
| node-nodemailer | Needs evaluation |
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
4 affected packages
golang-go.crypto, snapd, lxd, google-guest-agent
| Package | 20.04 LTS |
|---|---|
| golang-go.crypto | Needs evaluation |
| snapd | Needs evaluation |
| lxd | Not affected |
| google-guest-agent | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse...
1 affected package
node-js-yaml
| Package | 20.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been...
1 affected package
mruby
| Package | 20.04 LTS |
|---|---|
| mruby | Needs evaluation |
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Needs evaluation |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Needs evaluation |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior...
1 affected package
symfony
| Package | 20.04 LTS |
|---|---|
| symfony | Needs evaluation |