Search CVE reports
581 – 590 of 40085 results
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
1 affected package
zabbix
| Package | 18.04 LTS |
|---|---|
| zabbix | Needs evaluation |
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
1 affected package
openvpn
| Package | 18.04 LTS |
|---|---|
| openvpn | Not affected |
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
1 affected package
tryton-server
| Package | 18.04 LTS |
|---|---|
| tryton-server | Needs evaluation |
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
1 affected package
tryton-server
| Package | 18.04 LTS |
|---|---|
| tryton-server | Needs evaluation |
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
1 affected package
tryton-server
| Package | 18.04 LTS |
|---|---|
| tryton-server | Needs evaluation |
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that...
1 affected package
python-werkzeug
| Package | 18.04 LTS |
|---|---|
| python-werkzeug | Not affected |
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to...
1 affected package
fonttools
| Package | 18.04 LTS |
|---|---|
| fonttools | Not affected |
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method...
1 affected package
keras
| Package | 18.04 LTS |
|---|---|
| keras | Needs evaluation |
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 18.04 LTS |
|---|---|
| expat | Vulnerable |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Needs evaluation |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Needs evaluation |
| ayttm | — |
| cableswig | — |
| coin3 | Needs evaluation |
| matanza | Needs evaluation |
| tdom | Needs evaluation |
| vtk | — |
| smart | Needs evaluation |
| firefox | — |
| thunderbird | — |
| libxmltok | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line....
1 affected package
cups
| Package | 18.04 LTS |
|---|---|
| cups | Fixed |