Search CVE reports
21 – 30 of 38418 results
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
1 affected package
systemd
| Package | 20.04 LTS |
|---|---|
| systemd | Needs evaluation |
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
1 affected package
systemd
| Package | 20.04 LTS |
|---|---|
| systemd | Needs evaluation |
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about...
1 affected package
musl
| Package | 20.04 LTS |
|---|---|
| musl | Needs evaluation |
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped...
1 affected package
libnet-cidr-lite-perl
| Package | 20.04 LTS |
|---|---|
| libnet-cidr-lite-perl | Needs evaluation |
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like...
1 affected package
libnet-cidr-lite-perl
| Package | 20.04 LTS |
|---|---|
| libnet-cidr-lite-perl | Needs evaluation |
phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 20.04 LTS |
|---|---|
| php-phpseclib | Needs evaluation |
| php-phpseclib3 | — |
| phpseclib | Needs evaluation |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification...
1 affected package
log4cxx
| Package | 20.04 LTS |
|---|---|
| log4cxx | Needs evaluation |
Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list , in versions...
1 affected package
log4net
| Package | 20.04 LTS |
|---|---|
| log4net | Needs evaluation |
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point...
2 affected packages
apache-log4j1.2, apache-log4j2
| Package | 20.04 LTS |
|---|---|
| apache-log4j1.2 | Needs evaluation |
| apache-log4j2 | Needs evaluation |