Search CVE reports
461 – 470 of 38100 results
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem...
2 affected packages
fuse, fuse3
| Package | 20.04 LTS |
|---|---|
| fuse | Not affected |
| fuse3 | Not affected |
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in...
1 affected package
gpac
| Package | 20.04 LTS |
|---|---|
| gpac | Needs evaluation |
AWStats 8.0 is vulnerable to Command Injection via the open function
1 affected package
awstats
| Package | 20.04 LTS |
|---|---|
| awstats | Needs evaluation |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Needs evaluation |
| eglibc | — |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server,...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Needs evaluation |
| eglibc | — |
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might...
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 20.04 LTS |
|---|---|
| mariadb | — |
| mariadb-10.0 | — |
| mariadb-10.1 | — |
| mariadb-10.3 | Needs evaluation |
| mariadb-10.6 | — |
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing...
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 20.04 LTS |
|---|---|
| jython | Needs evaluation |
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the...
1 affected package
pydicom
| Package | 20.04 LTS |
|---|---|
| pydicom | Needs evaluation |
[Unknown description]
1 affected package
qemu
| Package | 20.04 LTS |
|---|---|
| qemu | Needs evaluation |
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 20.04 LTS |
|---|---|
| rust-tar | Needs evaluation |
| rustc | Needs evaluation |
| rustc-1.62 | — |
| rustc-1.74 | — |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | — |
| rustc-1.82 | — |
| rustc-1.83 | — |
| rustc-1.84 | — |
| rustc-1.85 | — |
| rustc-1.88 | — |
| rustc-1.89 | — |
| rustc-1.91 | — |
| rustc-1.92 | — |
| rustc-1.93 | — |
| cargo | Needs evaluation |
| rust-cargo-c | — |
| rust-async-tar | — |
| rust-astral-tokio-tar | — |