Search CVE reports
641 – 650 of 39983 results
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()
1 affected package
gpac
| Package | 20.04 LTS |
|---|---|
| gpac | Needs evaluation |
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255...
1 affected package
openvswitch
| Package | 20.04 LTS |
|---|---|
| openvswitch | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker can steal a user's session...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Needs evaluation |
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a...
1 affected package
node-ajv
| Package | 20.04 LTS |
|---|---|
| node-ajv | Needs evaluation |
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled...
1 affected package
thrift
| Package | 20.04 LTS |
|---|---|
| thrift | Needs evaluation |
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
1 affected package
thrift
| Package | 20.04 LTS |
|---|---|
| thrift | Needs evaluation |
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
1 affected package
thrift
| Package | 20.04 LTS |
|---|---|
| thrift | Needs evaluation |
[Integer overflows and out-of-bounds access in MOV/MP4 demuxer]
1 affected package
gst-plugins-good1.0
| Package | 20.04 LTS |
|---|---|
| gst-plugins-good1.0 | Not affected |