Search CVE reports
51 – 60 of 38290 results
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction...
1 affected package
erlang
| Package | 20.04 LTS |
|---|---|
| erlang | Needs evaluation |
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Vulnerable |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Vulnerable |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Vulnerable |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Vulnerable |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against...
3 affected packages
libsdl2-image, libsdl3-image, sdl-image1.2
| Package | 20.04 LTS |
|---|---|
| libsdl2-image | Needs evaluation |
| libsdl3-image | — |
| sdl-image1.2 | Needs evaluation |
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the...
1 affected package
ocsinventory-server
| Package | 20.04 LTS |
|---|---|
| ocsinventory-server | Needs evaluation |
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger...
1 affected package
discount
| Package | 20.04 LTS |
|---|---|
| discount | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis...
1 affected package
docker-registry
| Package | 20.04 LTS |
|---|---|
| docker-registry | Needs evaluation |