Search CVE reports
361 – 370 of 43971 results
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an...
2 affected packages
pypdf, pypdf2
| Package | 22.04 LTS |
|---|---|
| pypdf | Not in release |
| pypdf2 | Needs evaluation |
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD...
1 affected package
python-zeep
| Package | 22.04 LTS |
|---|---|
| python-zeep | Needs evaluation |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies...
2 affected packages
golang-github-nats-io-nkeys, nats-server
| Package | 22.04 LTS |
|---|---|
| golang-github-nats-io-nkeys | Not affected |
| nats-server | Not in release |