Search CVE reports
21 – 30 of 38480 results
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the...
1 affected package
keystone
| Package | 20.04 LTS |
|---|---|
| keystone | Needs evaluation |
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 20.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary...
1 affected package
leaflet
| Package | 20.04 LTS |
|---|---|
| leaflet | Needs evaluation |
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * ...
2 affected packages
jetty12, jetty9
| Package | 20.04 LTS |
|---|---|
| jetty12 | — |
| jetty9 | Needs evaluation |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0...
2 affected packages
libpdfbox-java, libpdfbox2-java
| Package | 20.04 LTS |
|---|---|
| libpdfbox-java | Needs evaluation |
| libpdfbox2-java | Needs evaluation |
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an...
1 affected package
jq
| Package | 20.04 LTS |
|---|---|
| jq | Needs evaluation |
jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin,...
1 affected package
jq
| Package | 20.04 LTS |
|---|---|
| jq | Needs evaluation |
XKB Buffer overflow in CheckKeyTypes(). The function CheckKeyTypes() will loop over the client's request but won't perform any additional bound checking to ensure that the data read remains within the request bounds. As a result,...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 20.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | — |
| xorg-server-hwe-16.04 | — |
| xorg-server-hwe-18.04 | — |
| xorg-hwe-16.04 | — |
| xorg-hwe-18.04 | — |
XKB Out-of-bounds read in CheckModifierMap(). CheckModifierMap() reads from the wire in a loop without verifying that the data remains within the bounds of the client request. As a result, the total number of keys could exceed the...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 20.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | — |
| xorg-server-hwe-16.04 | — |
| xorg-server-hwe-18.04 | — |
| xorg-hwe-16.04 | — |
| xorg-hwe-18.04 | — |
XSYNC Use-after-free in miSyncTriggerFence(). When walking the list of fences to trigger, miSyncTriggerFence() may call TriggerFence() for the current trigger, which end up calling the function SyncAwaitTriggerFired()....
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 20.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | — |
| xorg-server-hwe-16.04 | — |
| xorg-server-hwe-18.04 | — |
| xorg-hwe-16.04 | — |
| xorg-hwe-18.04 | — |