Search CVE reports
131 – 140 of 37112 results
Denial of Service via improper configuration file handling
1 affected package
libssh
| Package | 20.04 LTS |
|---|---|
| libssh | Needs evaluation |
Improper sanitation of paths received from SCP servers
1 affected package
libssh
| Package | 20.04 LTS |
|---|---|
| libssh | Needs evaluation |
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
1 affected package
libwww-oauth-perl
| Package | 20.04 LTS |
|---|---|
| libwww-oauth-perl | Needs evaluation |
Insecure default configuration leads to local man-in-the-middle attacks on Windows
1 affected package
libssh
| Package | 20.04 LTS |
|---|---|
| libssh | Not affected |
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to...
2 affected packages
clamav, libclamunrar
| Package | 20.04 LTS |
|---|---|
| clamav | Vulnerable |
| libclamunrar | Vulnerable |
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint...
1 affected package
dokuwiki
| Package | 20.04 LTS |
|---|---|
| dokuwiki | Needs evaluation |
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning...
1 affected package
dropbear
| Package | 20.04 LTS |
|---|---|
| dropbear | Needs evaluation |
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Not affected |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Needs evaluation |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 20.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | Needs evaluation |
| postgresql-10 | — |
| postgresql-9.5 | — |
| postgresql-9.3 | — |