Search CVE reports
31 – 40 of 1755 results
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache...
1 affected package
ant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ant | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.
23 affected packages
linux, linux-armadaxp, linux-linaro-omap, linux-linaro-shared, linux-linaro-vexpress...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux | — | — | — | — |
| linux-armadaxp | — | — | — | — |
| linux-linaro-omap | — | — | — | — |
| linux-linaro-shared | — | — | — | — |
| linux-linaro-vexpress | — | — | — | — |
| linux-lts-quantal | — | — | — | — |
| linux-lts-raring | — | — | — | — |
| linux-lts-saucy | — | — | — | — |
| linux-qcm-msm | — | — | — | — |
| linux-ti-omap4 | — | — | — | — |
| linux-flo | — | — | — | — |
| linux-goldfish | — | — | — | — |
| linux-grouper | — | — | — | — |
| linux-lts-trusty | — | — | — | — |
| linux-lts-utopic | — | — | — | — |
| linux-lts-vivid | — | — | — | — |
| linux-lts-wily | — | — | — | — |
| linux-lts-xenial | — | — | — | — |
| linux-maguro | — | — | — | — |
| linux-mako | — | — | — | — |
| linux-manta | — | — | — | — |
| linux-raspi2 | — | — | — | — |
| linux-snapdragon | — | — | — | — |
Some fixes available 1 of 5
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to...
1 affected package
pydantic
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pydantic | Not affected | Not affected | Fixed | Not in release |
Not in release
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release |
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
1 affected package
phantomjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Needs evaluation | Needs evaluation |
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file...
1 affected package
ant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ant | Not affected | Not affected | Needs evaluation | Needs evaluation |
Not in release
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release |
Not in release
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release |
Not in release
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release |
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
1 affected package
golang-github-antchfx-xmlquery
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-antchfx-xmlquery | Not affected | Not affected | Vulnerable | Not in release |