Search CVE reports
141 – 150 of 42760 results
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...
1 affected package
jackson-databind
| Package | 20.04 LTS |
|---|---|
| jackson-databind | Needs evaluation |
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only...
1 affected package
pyasn1
| Package | 20.04 LTS |
|---|---|
| pyasn1 | Needs evaluation |
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing...
1 affected package
pyasn1
| Package | 20.04 LTS |
|---|---|
| pyasn1 | Needs evaluation |
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted...
1 affected package
pyasn1
| Package | 20.04 LTS |
|---|---|
| pyasn1 | Needs evaluation |
Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size,...
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter()...
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Needs evaluation |
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session...
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting (XSS). The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page.
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the...
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Needs evaluation |
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |