Search CVE reports
221 – 230 of 42760 results
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s...
1 affected package
wget
| Package | 20.04 LTS |
|---|---|
| wget | Vulnerable |
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes...
1 affected package
mtr
| Package | 20.04 LTS |
|---|---|
| mtr | Needs evaluation |
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
1 affected package
ironic
| Package | 20.04 LTS |
|---|---|
| ironic | Needs evaluation |
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
1 affected package
ironic
| Package | 20.04 LTS |
|---|---|
| ironic | Needs evaluation |
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Fixed |
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer,...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Fixed |
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Not affected |
[Unknown description]
1 affected package
opam
| Package | 20.04 LTS |
|---|---|
| opam | Needs evaluation |