Search CVE reports
191 – 200 of 42731 results
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The...
1 affected package
coturn
| Package | 20.04 LTS |
|---|---|
| coturn | Needs evaluation |
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s...
1 affected package
wget
| Package | 20.04 LTS |
|---|---|
| wget | Needs evaluation |
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes...
1 affected package
mtr
| Package | 20.04 LTS |
|---|---|
| mtr | Needs evaluation |
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
1 affected package
ironic
| Package | 20.04 LTS |
|---|---|
| ironic | Needs evaluation |
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
1 affected package
ironic
| Package | 20.04 LTS |
|---|---|
| ironic | Needs evaluation |
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Fixed |
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer,...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Fixed |
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Not affected |