Search CVE reports
261 – 270 of 42731 results
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a...
1 affected package
composer
| Package | 20.04 LTS |
|---|---|
| composer | Needs evaluation |
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation...
1 affected package
composer
| Package | 20.04 LTS |
|---|---|
| composer | Needs evaluation |
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker...
2 affected packages
pypdf, pypdf2
| Package | 20.04 LTS |
|---|---|
| pypdf | — |
| pypdf2 | Needs evaluation |
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an...
2 affected packages
pypdf, pypdf2
| Package | 20.04 LTS |
|---|---|
| pypdf | — |
| pypdf2 | Needs evaluation |
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD...
1 affected package
python-zeep
| Package | 20.04 LTS |
|---|---|
| python-zeep | Needs evaluation |
Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies...
2 affected packages
golang-github-nats-io-nkeys, nats-server
| Package | 20.04 LTS |
|---|---|
| golang-github-nats-io-nkeys | Not affected |
| nats-server | — |
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using...
2 affected packages
youtube-dl, yt-dlp
| Package | 20.04 LTS |
|---|---|
| youtube-dl | Needs evaluation |
| yt-dlp | — |
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially...
1 affected package
nomad
| Package | 20.04 LTS |
|---|---|
| nomad | Needs evaluation |
HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace...
1 affected package
nomad
| Package | 20.04 LTS |
|---|---|
| nomad | Needs evaluation |
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image...
2 affected packages
pypdf, pypdf2
| Package | 20.04 LTS |
|---|---|
| pypdf | — |
| pypdf2 | Needs evaluation |