Search CVE reports
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 20.04 LTS |
|---|---|
| jython | Needs evaluation |
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with...
1 affected package
undertow
| Package | 20.04 LTS |
|---|---|
| undertow | Needs evaluation |
(MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...)
1 affected package
wireshark
| Package | 20.04 LTS |
|---|---|
| wireshark | Needs evaluation |
(HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...)
1 affected package
wireshark
| Package | 20.04 LTS |
|---|---|
| wireshark | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Needs evaluation |
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community...
1 affected package
cacti
| Package | 20.04 LTS |
|---|---|
| cacti | Needs evaluation |
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.
1 affected package
civicrm
| Package | 20.04 LTS |
|---|---|
| civicrm | Needs evaluation |
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Fixed |