Search CVE reports
191 – 200 of 42615 results
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without...
1 affected package
libpgjava
| Package | 20.04 LTS |
|---|---|
| libpgjava | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Needs evaluation |
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x...
1 affected package
apache-opennlp
| Package | 20.04 LTS |
|---|---|
| apache-opennlp | Needs evaluation |
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Not affected |
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error...
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Needs evaluation |
A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based...
1 affected package
gpac
| Package | 20.04 LTS |
|---|---|
| gpac | Needs evaluation |
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs...
1 affected package
gpac
| Package | 20.04 LTS |
|---|---|
| gpac | Needs evaluation |
[Unknown description]
2 affected packages
golang-github-nats-io-nkeys, nats-server
| Package | 20.04 LTS |
|---|---|
| golang-github-nats-io-nkeys | Needs evaluation |
| nats-server | — |