Search CVE reports
101 – 110 of 42570 results
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially...
1 affected package
389-ds-base
| Package | 20.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
(Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry co ...)
1 affected package
libimager-perl
| Package | 20.04 LTS |
|---|---|
| libimager-perl | Needs evaluation |
Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body...
1 affected package
node-body-parser
| Package | 20.04 LTS |
|---|---|
| node-body-parser | Needs evaluation |
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or...
12 affected packages
mailcap, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...
| Package | 20.04 LTS |
|---|---|
| mailcap | — |
| openjdk-8 | Not affected |
| openjdk-9 | — |
| openjdk-lts | Not affected |
| openjdk-13 | Ignored |
| openjdk-16 | Ignored |
| openjdk-17 | Not affected |
| openjdk-17-crac | — |
| openjdk-18 | — |
| openjdk-21 | Not affected |
| openjdk-21-crac | — |
| openjdk-25 | — |
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
2 affected packages
openssh, openssh-ssh1
| Package | 20.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |