Search CVE reports
11 – 20 of 42615 results
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely...
1 affected package
rabbitmq-server
| Package | 20.04 LTS |
|---|---|
| rabbitmq-server | Needs evaluation |
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and...
1 affected package
rabbitmq-server
| Package | 20.04 LTS |
|---|---|
| rabbitmq-server | Needs evaluation |
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges...
1 affected package
rabbitmq-server
| Package | 20.04 LTS |
|---|---|
| rabbitmq-server | Needs evaluation |
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status page without HTML escaping, allowing a...
1 affected package
rabbitmq-server
| Package | 20.04 LTS |
|---|---|
| rabbitmq-server | Needs evaluation |
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode and direct_request paths because read_complete_body...
1 affected package
rabbitmq-server
| Package | 20.04 LTS |
|---|---|
| rabbitmq-server | Needs evaluation |
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before...
1 affected package
rabbitmq-server
| Package | 20.04 LTS |
|---|---|
| rabbitmq-server | Needs evaluation |
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read,...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate...
2 affected packages
h2o, dnsdist
| Package | 20.04 LTS |
|---|---|
| h2o | Needs evaluation |
| dnsdist | Not affected |