Search CVE reports
3061 – 3070 of 39001 results
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of ...
1 affected package
angular.js
| Package | 18.04 LTS |
|---|---|
| angular.js | Ignored |
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via...
1 affected package
python-django
| Package | 18.04 LTS |
|---|---|
| python-django | Needs evaluation |
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 18.04 LTS |
|---|---|
| wireshark | Needs evaluation |
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
1 affected package
cacti
| Package | 18.04 LTS |
|---|---|
| cacti | Needs evaluation |
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive...
2 affected packages
libhibernate-validator-java, libhibernate-validator4-java
| Package | 18.04 LTS |
|---|---|
| libhibernate-validator-java | Needs evaluation |
| libhibernate-validator4-java | — |
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 18.04 LTS |
|---|---|
| python2.7 | Not affected |
| python3.4 | — |
| python3.5 | — |
| python3.6 | Not affected |
| python3.7 | Not affected |
| python3.8 | Not affected |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 18.04 LTS |
|---|---|
| python2.7 | Not affected |
| python3.4 | — |
| python3.5 | — |
| python3.6 | Not affected |
| python3.7 | Not affected |
| python3.8 | Not affected |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 18.04 LTS |
|---|---|
| python2.7 | Not affected |
| python3.4 | — |
| python3.5 | — |
| python3.6 | Not affected |
| python3.7 | Not affected |
| python3.8 | Not affected |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 18.04 LTS |
|---|---|
| python2.7 | Not affected |
| python3.4 | — |
| python3.5 | — |
| python3.6 | Not affected |
| python3.7 | Not affected |
| python3.8 | Not affected |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration...
1 affected package
jupyter-core
| Package | 18.04 LTS |
|---|---|
| jupyter-core | Needs evaluation |