Search CVE reports
11 – 20 of 37673 results
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in...
2 affected packages
golang-google-grpc, google-guest-agent
| Package | 20.04 LTS |
|---|---|
| golang-google-grpc | Needs evaluation |
| google-guest-agent | Needs evaluation |
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause...
2 affected packages
fuse, fuse3
| Package | 20.04 LTS |
|---|---|
| fuse | Needs evaluation |
| fuse3 | Needs evaluation |
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize...
1 affected package
libde265
| Package | 20.04 LTS |
|---|---|
| libde265 | Needs evaluation |
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in...
1 affected package
libde265
| Package | 20.04 LTS |
|---|---|
| libde265 | Needs evaluation |
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 20.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem...
2 affected packages
fuse, fuse3
| Package | 20.04 LTS |
|---|---|
| fuse | Needs evaluation |
| fuse3 | Needs evaluation |
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in...
1 affected package
gpac
| Package | 20.04 LTS |
|---|---|
| gpac | Needs evaluation |
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
1 affected package
sogo
| Package | 20.04 LTS |
|---|---|
| sogo | Needs evaluation |
AWStats 8.0 is vulnerable to Command Injection via the open function
1 affected package
awstats
| Package | 20.04 LTS |
|---|---|
| awstats | Needs evaluation |
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can...
1 affected package
dnss
| Package | 20.04 LTS |
|---|---|
| dnss | Needs evaluation |