Search CVE reports
91 – 100 of 42294 results
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory...
1 affected package
attr
| Package | 20.04 LTS |
|---|---|
| attr | Needs evaluation |
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat()...
1 affected package
acl
| Package | 20.04 LTS |
|---|---|
| acl | Needs evaluation |
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate...
1 affected package
acl
| Package | 20.04 LTS |
|---|---|
| acl | Needs evaluation |
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host...
1 affected package
node-ajv
| Package | 20.04 LTS |
|---|---|
| node-ajv | Needs evaluation |
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By...
1 affected package
libxml2
| Package | 20.04 LTS |
|---|---|
| libxml2 | Needs evaluation |
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global...
1 affected package
gzip
| Package | 20.04 LTS |
|---|---|
| gzip | Needs evaluation |
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely...
1 affected package
gzip
| Package | 20.04 LTS |
|---|---|
| gzip | Needs evaluation |
A relative path traversal bug when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or...
1 affected package
libzypp
| Package | 20.04 LTS |
|---|---|
| libzypp | Needs evaluation |
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an...
1 affected package
yelp
| Package | 20.04 LTS |
|---|---|
| yelp | Needs evaluation |
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by...
1 affected package
spice-vdagent
| Package | 20.04 LTS |
|---|---|
| spice-vdagent | Needs evaluation |