Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

61 – 70 of 1337 results

CVE-2021-29060

Medium priority
Needs evaluation

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.

1 affected packages

node-color-string

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-color-string Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2021-22118

Medium priority
Vulnerable

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2008-2544

Medium priority
Ignored

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

23 affected packages

linux, linux-armadaxp, linux-flo, linux-goldfish, linux-grouper...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
linux Not affected
linux-armadaxp Not in release
linux-flo Not affected
linux-goldfish Not affected
linux-grouper Not in release
linux-linaro-omap Not in release
linux-linaro-shared Not in release
linux-linaro-vexpress Not in release
linux-lts-quantal Not in release
linux-lts-raring Not in release
linux-lts-saucy Not in release
linux-lts-trusty Not in release
linux-lts-utopic Not in release
linux-lts-vivid Not in release
linux-lts-wily Not in release
linux-lts-xenial Not in release
linux-maguro Not in release
linux-mako Not affected
linux-manta Not in release
linux-qcm-msm Not in release
linux-raspi2 Not affected
linux-snapdragon Not affected
linux-ti-omap4 Not in release
Show all 23 packages Show less packages

CVE-2018-21270

Medium priority
Vulnerable

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

1 affected packages

node-stringstream

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-stringstream Not affected Not affected Not affected Vulnerable Not in release
Show less packages

CVE-2020-15216

Medium priority
Needs evaluation

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is...

1 affected packages

golang-github-russellhaering-goxmldsig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-russellhaering-goxmldsig Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2020-5421

Medium priority
Needs evaluation

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser...

1 affected packages

libspring-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-7711

Medium priority
Needs evaluation

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

1 affected packages

golang-github-russellhaering-goxmldsig

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-russellhaering-goxmldsig Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2020-5408

Medium priority

Not in release

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of...

1 affected packages

libspring-security-2.0-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-security-2.0-java Not in release Not in release Not in release
Show less packages

CVE-2020-5407

Medium priority
Ignored

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user...

1 affected packages

libspring-security-2.0-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libspring-security-2.0-java Not in release Not in release Not in release
Show less packages

CVE-2011-4915

Low priority
Ignored

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

18 affected packages

linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
linux
linux-armadaxp
linux-ec2
linux-flo
linux-fsl-imx51
linux-goldfish
linux-grouper
linux-lts-backport-maverick
linux-lts-backport-natty
linux-lts-backport-oneiric
linux-lts-quantal
linux-lts-raring
linux-lts-saucy
linux-maguro
linux-mako
linux-manta
linux-mvl-dove
linux-ti-omap4
Show all 18 packages Show less packages
  1. Previous page
  2. 5
  3. 6
  4. 7
  5. 8
  6. 9
  7. Next page
Export to JSON