Search CVE reports
21 – 30 of 1734 results
CVE-2021-36373
Low priorityWhen reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache...
1 affected package
ant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ant | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2008-2544
Medium priorityMounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.
23 affected packages
linux, linux-armadaxp, linux-flo, linux-goldfish, linux-grouper...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-armadaxp | — | — | — | — | Not in release |
| linux-flo | — | — | — | — | Not affected |
| linux-goldfish | — | — | — | — | Not affected |
| linux-grouper | — | — | — | — | Not in release |
| linux-linaro-omap | — | — | — | — | Not in release |
| linux-linaro-shared | — | — | — | — | Not in release |
| linux-linaro-vexpress | — | — | — | — | Not in release |
| linux-lts-quantal | — | — | — | — | Not in release |
| linux-lts-raring | — | — | — | — | Not in release |
| linux-lts-saucy | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not affected |
| linux-manta | — | — | — | — | Not in release |
| linux-qcm-msm | — | — | — | — | Not in release |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
| linux-ti-omap4 | — | — | — | — | Not in release |
CVE-2021-29510
Medium prioritySome fixes available 1 of 5
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to...
1 affected package
pydantic
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pydantic | Not affected | Not affected | Fixed | Not in release | Ignored |
CVE-2020-28413
Low priorityNot in release
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-7739
Medium priorityThis affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
1 affected package
phantomjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-11979
Medium priorityAs mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file...
1 affected package
ant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ant | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-25830
Medium priorityNot in release
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-25781
Medium priorityNot in release
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-25288
Unknown priorityNot in release
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release | Not in release |
CVE-2020-25614
Medium priorityxmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
1 affected package
golang-github-antchfx-xmlquery
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-github-antchfx-xmlquery | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |