Search CVE reports
191 – 200 of 37158 results
Crash in parsing frame type
1 affected package
haproxy
| Package | 20.04 LTS |
|---|---|
| haproxy | Not affected |
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted...
1 affected package
keras
| Package | 20.04 LTS |
|---|---|
| keras | Needs evaluation |
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar...
1 affected package
busybox
| Package | 20.04 LTS |
|---|---|
| busybox | Needs evaluation |
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that, when extracted and under specific conditions, may write to files outside the...
1 affected package
busybox
| Package | 20.04 LTS |
|---|---|
| busybox | Needs evaluation |
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution...
2 affected packages
kanboard-cli, python-kanboard
| Package | 20.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length...
1 affected package
redir
| Package | 20.04 LTS |
|---|---|
| redir | Needs evaluation |
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data...
1 affected package
node-ajv
| Package | 20.04 LTS |
|---|---|
| node-ajv | Needs evaluation |
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Not affected |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
[PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |