Search CVE reports
2201 – 2210 of 41184 results
In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock Exact UNIX diag lookups hold a reference to the socket, but not to u->path. Meanwhile, unix_release_sock()...
161 affected packages
linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...
| Package | 20.04 LTS |
|---|---|
| linux | Vulnerable |
| linux-allwinner-5.19 | Not in release |
| linux-aws | Vulnerable |
| linux-aws-5.0 | Not in release |
| linux-aws-5.11 | Ignored |
| linux-aws-5.13 | Ignored |
| linux-aws-5.15 | Vulnerable |
| linux-aws-5.19 | Not in release |
| linux-aws-5.3 | Not in release |
| linux-aws-5.4 | Not in release |
| linux-aws-5.8 | Ignored |
| linux-aws-6.14 | Not in release |
| linux-aws-6.17 | Not in release |
| linux-aws-6.2 | Not in release |
| linux-aws-6.5 | Not in release |
| linux-aws-6.8 | Not in release |
| linux-aws-fips | Vulnerable |
| linux-aws-hwe | Not in release |
| linux-azure | Vulnerable |
| linux-azure-4.15 | Not in release |
| linux-azure-5.11 | Ignored |
| linux-azure-5.13 | Ignored |
| linux-azure-5.15 | Vulnerable |
| linux-azure-5.19 | Not in release |
| linux-azure-5.3 | Not in release |
| linux-azure-5.4 | Not in release |
| linux-azure-5.8 | Ignored |
| linux-azure-6.11 | Not in release |
| linux-azure-6.14 | Not in release |
| linux-azure-6.17 | Not in release |
| linux-azure-6.2 | Not in release |
| linux-azure-6.5 | Not in release |
| linux-azure-6.8 | Not in release |
| linux-azure-edge | Not in release |
| linux-azure-fde | Ignored |
| linux-azure-fde-5.15 | Vulnerable |
| linux-azure-fde-5.19 | Not in release |
| linux-azure-fde-6.14 | Not in release |
| linux-azure-fde-6.17 | Not in release |
| linux-azure-fde-6.2 | Not in release |
| linux-azure-fde-6.8 | Not in release |
| linux-azure-fips | Vulnerable |
| linux-azure-nvidia | Not in release |
| linux-azure-nvidia-6.14 | Not in release |
| linux-bluefield | Vulnerable |
| linux-fips | Vulnerable |
| linux-gcp | Vulnerable |
| linux-gcp-4.15 | Not in release |
| linux-gcp-5.11 | Ignored |
| linux-gcp-5.13 | Ignored |
| linux-gcp-5.15 | Vulnerable |
| linux-gcp-5.19 | Not in release |
| linux-gcp-5.3 | Not in release |
| linux-gcp-5.4 | Not in release |
| linux-gcp-5.8 | Ignored |
| linux-gcp-6.11 | Not in release |
| linux-gcp-6.14 | Not in release |
| linux-gcp-6.17 | Not in release |
| linux-gcp-6.2 | Not in release |
| linux-gcp-6.5 | Not in release |
| linux-gcp-6.8 | Not in release |
| linux-gcp-fips | Vulnerable |
| linux-gke | Ignored |
| linux-gke-4.15 | Not in release |
| linux-gke-5.15 | Ignored |
| linux-gke-5.4 | Not in release |
| linux-gkeop | Ignored |
| linux-gkeop-5.15 | Ignored |
| linux-gkeop-5.4 | Not in release |
| linux-hwe | Not in release |
| linux-hwe-5.11 | Ignored |
| linux-hwe-5.13 | Ignored |
| linux-hwe-5.15 | Vulnerable |
| linux-hwe-5.19 | Not in release |
| linux-hwe-5.4 | Not in release |
| linux-hwe-5.8 | Ignored |
| linux-hwe-6.11 | Not in release |
| linux-hwe-6.14 | Not in release |
| linux-hwe-6.17 | Not in release |
| linux-hwe-6.2 | Not in release |
| linux-hwe-6.5 | Not in release |
| linux-hwe-6.8 | Not in release |
| linux-hwe-edge | Not in release |
| linux-ibm | Vulnerable |
| linux-ibm-5.15 | Vulnerable |
| linux-ibm-5.4 | Not in release |
| linux-ibm-6.8 | Not in release |
| linux-intel-5.13 | Ignored |
| linux-intel-iot-realtime | Not in release |
| linux-intel-iotg | Not in release |
| linux-intel-iotg-5.15 | Vulnerable |
| linux-iot | Vulnerable |
| linux-kvm | Vulnerable |
| linux-lowlatency | Not in release |
| linux-lowlatency-hwe-5.15 | Vulnerable |
| linux-lowlatency-hwe-5.19 | Not in release |
| linux-lowlatency-hwe-6.11 | Not in release |
| linux-lowlatency-hwe-6.2 | Not in release |
| linux-lowlatency-hwe-6.5 | Not in release |
| linux-lowlatency-hwe-6.8 | Not in release |
| linux-lts-xenial | Not in release |
| linux-nvidia | Not in release |
| linux-nvidia-6.11 | Not in release |
| linux-nvidia-6.17 | Not in release |
| linux-nvidia-6.2 | Not in release |
| linux-nvidia-6.5 | Not in release |
| linux-nvidia-6.8 | Not in release |
| linux-nvidia-7.0 | Not in release |
| linux-nvidia-bos | Not in release |
| linux-nvidia-bos-7.0 | Not in release |
| linux-nvidia-lowlatency | Not in release |
| linux-nvidia-tegra | Not in release |
| linux-nvidia-tegra-5.15 | Vulnerable |
| linux-nvidia-tegra-igx | Not in release |
| linux-oem | Not in release |
| linux-oem-5.10 | Ignored |
| linux-oem-5.13 | Ignored |
| linux-oem-5.14 | Ignored |
| linux-oem-5.17 | Not in release |
| linux-oem-5.6 | Ignored |
| linux-oem-6.0 | Not in release |
| linux-oem-6.1 | Not in release |
| linux-oem-6.11 | Not in release |
| linux-oem-6.14 | Not in release |
| linux-oem-6.17 | Not in release |
| linux-oem-6.5 | Not in release |
| linux-oem-6.8 | Not in release |
| linux-oracle | Vulnerable |
| linux-oracle-5.0 | Not in release |
| linux-oracle-5.11 | Ignored |
| linux-oracle-5.13 | Ignored |
| linux-oracle-5.15 | Vulnerable |
| linux-oracle-5.3 | Not in release |
| linux-oracle-5.4 | Not in release |
| linux-oracle-5.8 | Ignored |
| linux-oracle-6.14 | Not in release |
| linux-oracle-6.17 | Not in release |
| linux-oracle-6.5 | Not in release |
| linux-oracle-6.8 | Not in release |
| linux-raspi | Vulnerable |
| linux-raspi-5.4 | Not in release |
| linux-raspi-realtime | Not in release |
| linux-raspi2 | Ignored |
| linux-realtime | Not in release |
| linux-realtime-6.14 | Not in release |
| linux-realtime-6.17 | Not in release |
| linux-realtime-6.8 | Not in release |
| linux-riscv | Ignored |
| linux-riscv-5.11 | Ignored |
| linux-riscv-5.15 | Vulnerable |
| linux-riscv-5.19 | Not in release |
| linux-riscv-5.8 | Ignored |
| linux-riscv-6.14 | Not in release |
| linux-riscv-6.17 | Not in release |
| linux-riscv-6.5 | Not in release |
| linux-riscv-6.8 | Not in release |
| linux-starfive-5.19 | Not in release |
| linux-starfive-6.2 | Not in release |
| linux-starfive-6.5 | Not in release |
| linux-xilinx | Not in release |
| linux-xilinx-zynqmp | Vulnerable |
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as...
1 affected package
nsis
| Package | 20.04 LTS |
|---|---|
| nsis | Needs evaluation |
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into...
1 affected package
node-uuid
| Package | 20.04 LTS |
|---|---|
| node-uuid | Needs evaluation |
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The...
2 affected packages
asterisk, pjproject
| Package | 20.04 LTS |
|---|---|
| asterisk | Needs evaluation |
| pjproject | — |
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient...
2 affected packages
asterisk, pjproject
| Package | 20.04 LTS |
|---|---|
| asterisk | Needs evaluation |
| pjproject | — |
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |