Search CVE reports
1331 – 1340 of 39616 results
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the...
157 affected packages
linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...
| Package | 20.04 LTS |
|---|---|
| linux | Vulnerable |
| linux-hwe | Not in release |
| linux-hwe-5.4 | Not in release |
| linux-hwe-5.8 | Ignored |
| linux-hwe-5.11 | Ignored |
| linux-hwe-5.13 | Ignored |
| linux-hwe-5.15 | Vulnerable |
| linux-hwe-5.19 | Not in release |
| linux-hwe-6.2 | Not in release |
| linux-hwe-6.5 | Not in release |
| linux-hwe-6.8 | Not in release |
| linux-hwe-6.11 | Not in release |
| linux-hwe-6.14 | Not in release |
| linux-hwe-6.17 | Not in release |
| linux-hwe-edge | Not in release |
| linux-lts-xenial | Not in release |
| linux-kvm | Vulnerable |
| linux-allwinner-5.19 | Not in release |
| linux-aws | Vulnerable |
| linux-aws-5.0 | Not in release |
| linux-aws-5.3 | Not in release |
| linux-aws-5.4 | Not in release |
| linux-aws-5.8 | Ignored |
| linux-aws-5.11 | Ignored |
| linux-aws-5.13 | Ignored |
| linux-aws-5.15 | Vulnerable |
| linux-aws-5.19 | Not in release |
| linux-aws-6.2 | Not in release |
| linux-aws-6.5 | Not in release |
| linux-aws-6.8 | Not in release |
| linux-aws-6.14 | Not in release |
| linux-aws-6.17 | Not in release |
| linux-aws-hwe | Not in release |
| linux-azure | Vulnerable |
| linux-azure-4.15 | Not in release |
| linux-azure-5.3 | Not in release |
| linux-azure-5.4 | Not in release |
| linux-azure-5.8 | Ignored |
| linux-azure-5.11 | Ignored |
| linux-azure-5.13 | Ignored |
| linux-azure-5.15 | Vulnerable |
| linux-azure-5.19 | Not in release |
| linux-azure-6.2 | Not in release |
| linux-azure-6.5 | Not in release |
| linux-azure-6.8 | Not in release |
| linux-azure-6.11 | Not in release |
| linux-azure-6.14 | Not in release |
| linux-azure-6.17 | Not in release |
| linux-azure-fde | Ignored |
| linux-azure-fde-5.15 | Not affected |
| linux-azure-fde-5.19 | Not in release |
| linux-azure-fde-6.2 | Not in release |
| linux-azure-fde-6.8 | Not in release |
| linux-azure-fde-6.14 | Not in release |
| linux-azure-fde-6.17 | Not in release |
| linux-azure-nvidia | Not in release |
| linux-azure-nvidia-6.14 | Not in release |
| linux-bluefield | Vulnerable |
| linux-azure-edge | Not in release |
| linux-fips | Vulnerable |
| linux-aws-fips | Vulnerable |
| linux-azure-fips | Vulnerable |
| linux-gcp-fips | Vulnerable |
| linux-gcp | Vulnerable |
| linux-gcp-4.15 | Not in release |
| linux-gcp-5.3 | Not in release |
| linux-gcp-5.4 | Not in release |
| linux-gcp-5.8 | Ignored |
| linux-gcp-5.11 | Ignored |
| linux-gcp-5.13 | Ignored |
| linux-gcp-5.15 | Vulnerable |
| linux-gcp-5.19 | Not in release |
| linux-gcp-6.2 | Not in release |
| linux-gcp-6.5 | Not in release |
| linux-gcp-6.8 | Not in release |
| linux-gcp-6.11 | Not in release |
| linux-gcp-6.14 | Not in release |
| linux-gcp-6.17 | Not in release |
| linux-gke | Ignored |
| linux-gke-4.15 | Not in release |
| linux-gke-5.4 | Not in release |
| linux-gke-5.15 | Ignored |
| linux-gkeop | Ignored |
| linux-gkeop-5.4 | Not in release |
| linux-gkeop-5.15 | Ignored |
| linux-ibm | Vulnerable |
| linux-ibm-5.4 | Not in release |
| linux-ibm-5.15 | Vulnerable |
| linux-ibm-6.8 | Not in release |
| linux-intel-5.13 | Ignored |
| linux-intel-iotg | Not in release |
| linux-intel-iotg-5.15 | Vulnerable |
| linux-iot | Vulnerable |
| linux-intel-iot-realtime | Not in release |
| linux-lowlatency | Not in release |
| linux-lowlatency-hwe-5.15 | Vulnerable |
| linux-lowlatency-hwe-5.19 | Not in release |
| linux-lowlatency-hwe-6.2 | Not in release |
| linux-lowlatency-hwe-6.5 | Not in release |
| linux-lowlatency-hwe-6.8 | Not in release |
| linux-lowlatency-hwe-6.11 | Not in release |
| linux-nvidia | Not in release |
| linux-nvidia-6.2 | Not in release |
| linux-nvidia-6.5 | Not in release |
| linux-nvidia-6.8 | Not in release |
| linux-nvidia-6.11 | Not in release |
| linux-nvidia-lowlatency | Not in release |
| linux-nvidia-tegra | Not in release |
| linux-nvidia-tegra-5.15 | Vulnerable |
| linux-nvidia-tegra-igx | Not in release |
| linux-oracle | Vulnerable |
| linux-oracle-5.0 | Not in release |
| linux-oracle-5.3 | Not in release |
| linux-oracle-5.4 | Not in release |
| linux-oracle-5.8 | Ignored |
| linux-oracle-5.11 | Ignored |
| linux-oracle-5.13 | Ignored |
| linux-oracle-5.15 | Vulnerable |
| linux-oracle-6.5 | Not in release |
| linux-oracle-6.8 | Not in release |
| linux-oracle-6.14 | Not in release |
| linux-oracle-6.17 | Not in release |
| linux-oem | Not in release |
| linux-oem-5.6 | Ignored |
| linux-oem-5.10 | Ignored |
| linux-oem-5.13 | Ignored |
| linux-oem-5.14 | Ignored |
| linux-oem-5.17 | Not in release |
| linux-oem-6.0 | Not in release |
| linux-oem-6.1 | Not in release |
| linux-oem-6.5 | Not in release |
| linux-oem-6.8 | Not in release |
| linux-oem-6.11 | Not in release |
| linux-oem-6.14 | Not in release |
| linux-oem-6.17 | Not in release |
| linux-raspi | Vulnerable |
| linux-raspi2 | Ignored |
| linux-raspi-5.4 | Not in release |
| linux-raspi-realtime | Not in release |
| linux-realtime | Not in release |
| linux-realtime-6.8 | Not in release |
| linux-realtime-6.14 | Not in release |
| linux-riscv | Ignored |
| linux-riscv-5.8 | Ignored |
| linux-riscv-5.11 | Ignored |
| linux-riscv-5.15 | Vulnerable |
| linux-riscv-5.19 | Not in release |
| linux-riscv-6.5 | Not in release |
| linux-riscv-6.8 | Not in release |
| linux-riscv-6.14 | Not in release |
| linux-riscv-6.17 | Not in release |
| linux-starfive-5.19 | Not in release |
| linux-starfive-6.2 | Not in release |
| linux-starfive-6.5 | Not in release |
| linux-xilinx | Not in release |
| linux-xilinx-zynqmp | Vulnerable |
| linux-realtime-6.17 | Not in release |
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client...
2 affected packages
botan, botan3
| Package | 20.04 LTS |
|---|---|
| botan | Needs evaluation |
| botan3 | — |
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching...
2 affected packages
botan3, botan
| Package | 20.04 LTS |
|---|---|
| botan3 | — |
| botan | Needs evaluation |
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache...
1 affected package
flatpak
| Package | 20.04 LTS |
|---|---|
| flatpak | Needs evaluation |
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run...
1 affected package
flatpak
| Package | 20.04 LTS |
|---|---|
| flatpak | Needs evaluation |
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop...
1 affected package
xdg-dbus-proxy
| Package | 20.04 LTS |
|---|---|
| xdg-dbus-proxy | Needs evaluation |
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for...
1 affected package
python-jwcrypto
| Package | 20.04 LTS |
|---|---|
| python-jwcrypto | Needs evaluation |
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation...
2 affected packages
ruby-rack, ruby-rack-session
| Package | 20.04 LTS |
|---|---|
| ruby-rack | Not affected |
| ruby-rack-session | — |
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single...
1 affected package
cockpit
| Package | 20.04 LTS |
|---|---|
| cockpit | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are...
1 affected package
cups
| Package | 20.04 LTS |
|---|---|
| cups | Needs evaluation |