Search CVE reports
61 – 70 of 38356 results
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths...
1 affected package
sleuthkit
| Package | 20.04 LTS |
|---|---|
| sleuthkit | Needs evaluation |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g....
1 affected package
python-cryptography
| Package | 20.04 LTS |
|---|---|
| python-cryptography | Not affected |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service...
1 affected package
kamailio
| Package | 20.04 LTS |
|---|---|
| kamailio | Needs evaluation |
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service...
1 affected package
kamailio
| Package | 20.04 LTS |
|---|---|
| kamailio | Needs evaluation |
[Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` leading to corrupted chunk data and potential heap information disclosure]
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 20.04 LTS |
|---|---|
| libpng | — |
| libpng1.6 | Needs evaluation |
| firefox | — |
| thunderbird | — |
| chromium-browser | — |
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |