Search CVE reports
51 – 60 of 51519 results
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Needs evaluation |
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence...
1 affected package
perl
| Package | 16.04 LTS |
|---|---|
| perl | Needs evaluation |
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to...
1 affected package
sssd
| Package | 16.04 LTS |
|---|---|
| sssd | Needs evaluation |
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to...
1 affected package
sssd
| Package | 16.04 LTS |
|---|---|
| sssd | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...
2 affected packages
pillow, pillow-python2
| Package | 16.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...
2 affected packages
pillow, pillow-python2
| Package | 16.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without...
2 affected packages
pillow, pillow-python2
| Package | 16.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...
2 affected packages
pillow, pillow-python2
| Package | 16.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...
2 affected packages
pillow, pillow-python2
| Package | 16.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | — |
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
1 affected package
openvpn
| Package | 16.04 LTS |
|---|---|
| openvpn | Not affected |