Search CVE reports
11 – 20 of 37498 results
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
2 affected packages
sqlite, sqlite3
| Package | 20.04 LTS |
|---|---|
| sqlite | Not affected |
| sqlite3 | Not affected |
(The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...)
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 20.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Some fixes available 1 of 2
OpenSSH GSSAPI Key Exchange Pre-Authentication Uninitialized Pointer Dereference, Heap Corruption, and Privsep Boundary Violation
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack...
1 affected package
libheif
| Package | 20.04 LTS |
|---|---|
| libheif | Vulnerable |
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument...
1 affected package
libheif
| Package | 20.04 LTS |
|---|---|
| libheif | Needs evaluation |
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Not affected |
| eglibc | — |
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary...
1 affected package
libjs-spin.js
| Package | 20.04 LTS |
|---|---|
| libjs-spin.js | Needs evaluation |
(yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contai ...)
1 affected package
node-yauzl
| Package | 20.04 LTS |
|---|---|
| node-yauzl | Needs evaluation |
(Tornado is a Python web framework and asynchronous networking library. ...)
1 affected package
python-tornado
| Package | 20.04 LTS |
|---|---|
| python-tornado | Needs evaluation |
(Black is the uncompromising Python code formatter. Black provides a Gi ...)
1 affected package
black
| Package | 20.04 LTS |
|---|---|
| black | Needs evaluation |