Search CVE reports
141 – 150 of 37112 results
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Needs evaluation |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Needs evaluation |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit...
1 affected package
node-qs
| Package | 20.04 LTS |
|---|---|
| node-qs | Needs evaluation |
crash via INITIAL packet for the NEW_TOKEN format
1 affected package
haproxy
| Package | 20.04 LTS |
|---|---|
| haproxy | Not affected |
crash in parsing frame type
1 affected package
haproxy
| Package | 20.04 LTS |
|---|---|
| haproxy | Not affected |
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted...
1 affected package
keras
| Package | 20.04 LTS |
|---|---|
| keras | Needs evaluation |
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar...
1 affected package
busybox
| Package | 20.04 LTS |
|---|---|
| busybox | Needs evaluation |
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the...
1 affected package
busybox
| Package | 20.04 LTS |
|---|---|
| busybox | Needs evaluation |
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution...
2 affected packages
kanboard-cli, python-kanboard
| Package | 20.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length...
1 affected package
redir
| Package | 20.04 LTS |
|---|---|
| redir | Needs evaluation |