Search CVE reports
131 – 140 of 37963 results
Net::CIDR::Lite versions before 0.23 for Perl do not validate the IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like...
1 affected package
libnet-cidr-lite-perl
| Package | 22.04 LTS |
|---|---|
| libnet-cidr-lite-perl | Needs evaluation |
phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 22.04 LTS |
|---|---|
| php-phpseclib | Needs evaluation |
| php-phpseclib3 | Needs evaluation |
| phpseclib | Needs evaluation |
Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated...
1 affected package
node-axios
| Package | 22.04 LTS |
|---|---|
| node-axios | Needs evaluation |
When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted...
13 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 22.04 LTS |
|---|---|
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 22.04 LTS |
|---|---|
| jython | Needs evaluation |
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about...
1 affected package
musl
| Package | 22.04 LTS |
|---|---|
| musl | Needs evaluation |
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
1 affected package
systemd
| Package | 22.04 LTS |
|---|---|
| systemd | Needs evaluation |
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
1 affected package
systemd
| Package | 22.04 LTS |
|---|---|
| systemd | Needs evaluation |
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
1 affected package
systemd
| Package | 22.04 LTS |
|---|---|
| systemd | Needs evaluation |
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
1 affected package
systemd
| Package | 22.04 LTS |
|---|---|
| systemd | Needs evaluation |