Search CVE reports
31 – 40 of 94 results
CVE-2021-27378
Medium priority
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
1 affected package
rust-rand-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-rand-core | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2021-21317
Medium priority
uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due...
1 affected package
uap-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
uap-core | Vulnerable | Vulnerable | Needs evaluation | Not in release | Not in release |
CVE-2020-0409
Medium priority
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
1 affected package
android-platform-system-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android-platform-system-core | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27187
Medium priority
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can...
1 affected package
kpmcore
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kpmcore | Not affected | Not affected | Needs evaluation | Needs evaluation | Not in release |
CVE-2020-15999
High priority
Some fixes available 14 of 15
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
android, chromium-browser, firefox, freetype, godot...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
freetype | Fixed | Fixed | Fixed | Fixed | Fixed |
godot | Not affected | Not affected | Not affected | Not in release | Not in release |
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
musescore | Not in release | Not in release | Not affected | Not affected | Not affected |
openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-13 | Not in release | Not in release | Not affected | Not in release | Not in release |
openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not in release |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-26160
Medium priority
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....
4 affected packages
golang-github-coreos-discovery-etcd-io, golang-github-dgrijalva-jwt-go, juju-core, telegraf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
golang-github-dgrijalva-jwt-go | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
juju-core | Not in release | Not in release | Not in release | Not in release | Not affected |
telegraf | Not in release | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2020-25576
Medium priority
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
3 affected packages
rust-rand-core, rust-rand-core-0.2, rust-rand-core-0.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-rand-core | Not affected | Not affected | Not affected | Not in release | Not in release |
rust-rand-core-0.2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
rust-rand-core-0.3 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
CVE-2020-11933
Medium priority
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media...
4 affected packages
core, core18, core20, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
core | — | — | — | — | — |
core18 | — | — | — | — | — |
core20 | — | — | — | — | — |
snapd | — | — | Not affected | Not affected | Not affected |
CVE-2020-8014
Unknown priority
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue...
1 affected package
kopanocore
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kopanocore | — | — | Not affected | Not affected | Not in release |
CVE-2020-5243
Medium priority
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This...
1 affected package
uap-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
uap-core | Vulnerable | Vulnerable | Vulnerable | Not in release | Not in release |