Search CVE reports
1981 – 1990 of 39618 results
AWStats 8.0 is vulnerable to Command Injection via the open function
1 affected package
awstats
| Package | 20.04 LTS |
|---|---|
| awstats | Needs evaluation |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Not affected |
| eglibc | — |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server,...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Not affected |
| eglibc | — |
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might...
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 20.04 LTS |
|---|---|
| mariadb | — |
| mariadb-10.0 | — |
| mariadb-10.1 | — |
| mariadb-10.3 | Needs evaluation |
| mariadb-10.6 | — |
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing...
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 20.04 LTS |
|---|---|
| jython | Needs evaluation |
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the...
1 affected package
pydicom
| Package | 20.04 LTS |
|---|---|
| pydicom | Needs evaluation |
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25,...
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
[Unknown description]
1 affected package
qemu
| Package | 20.04 LTS |
|---|---|
| qemu | Needs evaluation |
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 20.04 LTS |
|---|---|
| rust-tar | Needs evaluation |
| rustc | Needs evaluation |
| rustc-1.62 | — |
| rustc-1.74 | — |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | — |
| rustc-1.82 | — |
| rustc-1.83 | — |
| rustc-1.84 | — |
| rustc-1.85 | — |
| rustc-1.88 | — |
| rustc-1.89 | — |
| rustc-1.91 | — |
| rustc-1.92 | — |
| rustc-1.93 | — |
| cargo | Needs evaluation |
| rust-cargo-c | — |
| rust-async-tar | — |
| rust-astral-tokio-tar | — |