dockerhub.hi.inet evolved 5g certification infolysisnetapp infolysisnetapp
Evolved5G edited this page Nov 21, 2023 · 3 revisions
Severity | Number of vulnerabilities |
---|---|
HIGH | 41 |
MEDIUM | 443 |
LOW | 177 |

Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
---|---|---|---|---|---|
HIGH | CVE-2022-25235 | Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
HIGH | CVE-2022-25236 | prefix]" attribute values can lead to arbitrary code execution | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
HIGH | CVE-2022-3515 | libksba: integer overflow may lead to remote code execution | libksba8 | 1.3.5-2 | 1.3.5-2ubuntu0.18.04.1 |
HIGH | CVE-2022-24407 | failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | libsasl2-2 | 2.1.27~101-g0780600+dfsg-3ubuntu2.1 | 2.1.27~101-g0780600+dfsg-3ubuntu2.4 |
HIGH | CVE-2022-24407 | failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | libsasl2-modules | 2.1.27~101-g0780600+dfsg-3ubuntu2.1 | 2.1.27~101-g0780600+dfsg-3ubuntu2.4 |
HIGH | CVE-2022-24407 | failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | libsasl2-modules-db | 2.1.27~101-g0780600+dfsg-3ubuntu2.1 | 2.1.27~101-g0780600+dfsg-3ubuntu2.4 |
HIGH | CVE-2020-1971 | openssl: EDIPARTYNAME NULL pointer de-reference | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.5 |
HIGH | CVE-2022-0778 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.8 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.11 |
HIGH | CVE-2020-1971 | openssl: EDIPARTYNAME NULL pointer de-reference | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.5 |
HIGH | CVE-2022-0778 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.8 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.11 |
HIGH | CVE-2020-1971 | openssl: EDIPARTYNAME NULL pointer de-reference | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.7 |
HIGH | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.9 |
HIGH | CVE-2021-3711 | SM2 Decryption Buffer Overflow | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.13 |
HIGH | CVE-2022-0778 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.15 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
HIGH | CVE-2021-33910 | systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash | libsystemd0 | 237-3ubuntu10.42 | 237-3ubuntu10.49 |
HIGH | CVE-2021-33910 | systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash | libudev1 | 237-3ubuntu10.42 | 237-3ubuntu10.49 |
HIGH | CVE-2020-1971 | openssl: EDIPARTYNAME NULL pointer de-reference | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.7 |
HIGH | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.9 |
HIGH | CVE-2021-3711 | SM2 Decryption Buffer Overflow | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.13 |
HIGH | CVE-2022-0778 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.15 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
HIGH | CVE-2023-46234 | browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack | browserify-sign | 4.0.4 | 4.2.2 |
HIGH | CVE-2020-7746 | chart.js: prototype pollution | chart.js | 1.0.2 | 2.9.4 |
HIGH | CVE-2023-34104 | Regex Injection via Doctype Entities | fast-xml-parser | 4.2.2 | 4.2.4 |
HIGH | CVE-2022-25881 | Regular Expression Denial of Service (ReDoS) vulnerability | http-cache-semantics | 3.8.1 | 4.1.1 |
HIGH | CVE-2016-7103 | jquery-ui: cross-site scripting in dialog closeText | jquery-ui | 1.11.4 | >=1.12.0 |
HIGH | CVE-2016-10540 | Minimatch is a minimal matching utility that works by converting glob ... | minimatch | 0.4.0 | 3.0.2 |
HIGH | CVE-2022-3517 | nodejs-minimatch: ReDoS via the braceExpand function | minimatch | 0.4.0 | 3.0.5 |
HIGH | NSWG-ECO-118 | Regular Expression Denial of Service | minimatch | 0.4.0 | >=3.0.2 |
HIGH | CVE-2016-10540 | Minimatch is a minimal matching utility that works by converting glob ... | minimatch | 1.0.0 | 3.0.2 |
HIGH | CVE-2022-3517 | nodejs-minimatch: ReDoS via the braceExpand function | minimatch | 1.0.0 | 3.0.5 |
HIGH | NSWG-ECO-118 | Regular Expression Denial of Service | minimatch | 1.0.0 | >=3.0.2 |
HIGH | CVE-2021-3803 | inefficient regular expression complexity | nth-check | 1.0.2 | 2.0.1 |
HIGH | CVE-2021-3795 | semver-regex: inefficient regular expression complexity | semver-regex | 2.0.0 | 3.1.3, 4.0.1 |
HIGH | CVE-2023-37920 | python-certifi: Removal of e-Tugra root certificate | certifi | 2021.10.8 | 2023.7.22 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | cryptography | 38.0.4 | 39.0.1 |
HIGH | CVE-2023-30798 | There MultipartParser usage in Encode's Starlette python framework bef ... | starlette | 0.16.0 | 0.25.0 |
HIGH | CVE-2022-40898 | remote attackers can cause denial of service via attacker controlled input to wheel cli | wheel | 0.36.2 | 0.38.1 |
MEDIUM | CVE-2006-20001 | httpd: mod_dav: out-of-bounds read/write of zero byte | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2021-26690 | httpd: mod_session: NULL pointer dereference when parsing Cookie header | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-26691 | Heap overflow via a crafted SessionHeader value | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-30641 | httpd: Unexpected URL matching with 'MergeSlashes OFF' | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-33193 | httpd: Request splitting via HTTP/2 method injection and mod_proxy | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-34798 | httpd: NULL pointer dereference via malformed requests | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-39275 | httpd: Out-of-bounds write in ap_escape_quotes() via malicious input | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-40438 | httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.18 |
MEDIUM | CVE-2021-44224 | possible NULL dereference or SSRF in forward proxy configurations | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2021-44790 | httpd: mod_lua: Possible buffer overflow when parsing multipart content | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2022-22719 | parsebody | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-22720 | httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-23943 | Read/write beyond bounds | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-26377 | httpd: mod_proxy_ajp: Possible request smuggling | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-28615 | httpd: Out-of-bounds read in ap_strcmp_match() | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-29404 | httpd: mod_lua: DoS in r:parsebody | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-30522 | httpd: mod_sed: DoS vulnerability | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.25 |
MEDIUM | CVE-2022-30556 | httpd: mod_lua: Information disclosure with websockets | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-31813 | httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-36760 | httpd: mod_proxy_ajp: Possible request smuggling | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2022-37436 | httpd: mod_proxy: HTTP response splitting | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2023-25690 | httpd: HTTP request splitting with mod_rewrite and mod_proxy | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.27 |
MEDIUM | CVE-2006-20001 | httpd: mod_dav: out-of-bounds read/write of zero byte | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2021-26690 | httpd: mod_session: NULL pointer dereference when parsing Cookie header | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-26691 | Heap overflow via a crafted SessionHeader value | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-30641 | httpd: Unexpected URL matching with 'MergeSlashes OFF' | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-33193 | httpd: Request splitting via HTTP/2 method injection and mod_proxy | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-34798 | httpd: NULL pointer dereference via malformed requests | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-39275 | httpd: Out-of-bounds write in ap_escape_quotes() via malicious input | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-40438 | httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.18 |
MEDIUM | CVE-2021-44224 | possible NULL dereference or SSRF in forward proxy configurations | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2021-44790 | httpd: mod_lua: Possible buffer overflow when parsing multipart content | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2022-22719 | parsebody | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-22720 | httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-23943 | Read/write beyond bounds | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-26377 | httpd: mod_proxy_ajp: Possible request smuggling | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-28615 | httpd: Out-of-bounds read in ap_strcmp_match() | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-29404 | httpd: mod_lua: DoS in r:parsebody | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-30522 | httpd: mod_sed: DoS vulnerability | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.25 |
MEDIUM | CVE-2022-30556 | httpd: mod_lua: Information disclosure with websockets | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-31813 | httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-36760 | httpd: mod_proxy_ajp: Possible request smuggling | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2022-37436 | httpd: mod_proxy: HTTP response splitting | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2023-25690 | httpd: HTTP request splitting with mod_rewrite and mod_proxy | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.27 |
MEDIUM | CVE-2006-20001 | httpd: mod_dav: out-of-bounds read/write of zero byte | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2021-26690 | httpd: mod_session: NULL pointer dereference when parsing Cookie header | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-26691 | Heap overflow via a crafted SessionHeader value | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-30641 | httpd: Unexpected URL matching with 'MergeSlashes OFF' | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-33193 | httpd: Request splitting via HTTP/2 method injection and mod_proxy | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-34798 | httpd: NULL pointer dereference via malformed requests | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-39275 | httpd: Out-of-bounds write in ap_escape_quotes() via malicious input | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-40438 | httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.18 |
MEDIUM | CVE-2021-44224 | possible NULL dereference or SSRF in forward proxy configurations | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2021-44790 | httpd: mod_lua: Possible buffer overflow when parsing multipart content | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2022-22719 | parsebody | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-22720 | httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-23943 | Read/write beyond bounds | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-26377 | httpd: mod_proxy_ajp: Possible request smuggling | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-28615 | httpd: Out-of-bounds read in ap_strcmp_match() | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-29404 | httpd: mod_lua: DoS in r:parsebody | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-30522 | httpd: mod_sed: DoS vulnerability | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.25 |
MEDIUM | CVE-2022-30556 | httpd: mod_lua: Information disclosure with websockets | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-31813 | httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-36760 | httpd: mod_proxy_ajp: Possible request smuggling | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2022-37436 | httpd: mod_proxy: HTTP response splitting | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2023-25690 | httpd: HTTP request splitting with mod_rewrite and mod_proxy | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.27 |
MEDIUM | CVE-2006-20001 | httpd: mod_dav: out-of-bounds read/write of zero byte | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2021-26690 | httpd: mod_session: NULL pointer dereference when parsing Cookie header | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-26691 | Heap overflow via a crafted SessionHeader value | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-30641 | httpd: Unexpected URL matching with 'MergeSlashes OFF' | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
MEDIUM | CVE-2021-33193 | httpd: Request splitting via HTTP/2 method injection and mod_proxy | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-34798 | httpd: NULL pointer dereference via malformed requests | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-39275 | httpd: Out-of-bounds write in ap_escape_quotes() via malicious input | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.17 |
MEDIUM | CVE-2021-40438 | httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.18 |
MEDIUM | CVE-2021-44224 | possible NULL dereference or SSRF in forward proxy configurations | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2021-44790 | httpd: mod_lua: Possible buffer overflow when parsing multipart content | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.21 |
MEDIUM | CVE-2022-22719 | parsebody | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-22720 | httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-23943 | Read/write beyond bounds | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
MEDIUM | CVE-2022-26377 | httpd: mod_proxy_ajp: Possible request smuggling | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-28615 | httpd: Out-of-bounds read in ap_strcmp_match() | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-29404 | httpd: mod_lua: DoS in r:parsebody | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-30522 | httpd: mod_sed: DoS vulnerability | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.25 |
MEDIUM | CVE-2022-30556 | httpd: mod_lua: Information disclosure with websockets | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-31813 | httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
MEDIUM | CVE-2022-36760 | httpd: mod_proxy_ajp: Possible request smuggling | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2022-37436 | httpd: mod_proxy: HTTP response splitting | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.26 |
MEDIUM | CVE-2023-25690 | httpd: HTTP request splitting with mod_rewrite and mod_proxy | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.27 |
MEDIUM | CVE-2020-27350 | apt: integer overflows and underflows while parsing .deb packages | apt | 1.6.12ubuntu0.1 | 1.6.12ubuntu0.2 |
MEDIUM | CVE-2022-23491 | untrusted root certificates | ca-certificates | 20190110~18.04.1 | 20211016ubuntu0.18.04.1 |
MEDIUM | CVE-2020-8285 | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
MEDIUM | CVE-2020-8286 | curl: Inferior OCSP verification | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.13 |
MEDIUM | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
MEDIUM | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.15 |
MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.15 |
MEDIUM | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
MEDIUM | CVE-2022-27782 | TLS and SSH connection too eager reuse | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.18 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.19 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.19 |
MEDIUM | CVE-2022-32221 | POST following PUT confusion | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.21 |
MEDIUM | CVE-2022-43552 | curl: Use-after-free triggered by an HTTP proxy deny response | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.22 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.23 |
MEDIUM | CVE-2023-27535 | curl: FTP too eager connection reuse | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | dirmngr | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, b ... | dpkg | 1.19.0.5ubuntu2.3 | 1.19.0.5ubuntu2.4 |
MEDIUM | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | e2fsprogs | 1.44.1-1ubuntu1.3 | 1.44.1-1ubuntu1.4 |
MEDIUM | CVE-2021-21300 | remote code execution during clone operation on case-insensitive filesystems | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.8 |
MEDIUM | CVE-2021-40330 | unexpected cross-protocol requests via a repository path containing a newline character | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.9 |
MEDIUM | CVE-2022-23521 | git: gitattributes parsing integer overflow | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.15 |
MEDIUM | CVE-2022-24765 | git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.11 |
MEDIUM | CVE-2022-29187 | git: Bypass of safe.directory protections | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.12 |
MEDIUM | CVE-2022-39253 | exposure of sensitive information to a malicious actor | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.13 |
MEDIUM | CVE-2022-39260 | git shell function that splits command arguments can lead to arbitrary heap writes. | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.13 |
MEDIUM | CVE-2022-41903 | git: Heap overflow in git archive, git log --format leading to RCE | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.15 |
MEDIUM | CVE-2023-22490 | git: data exfiltration with maliciously crafted repository | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.16 |
MEDIUM | CVE-2023-23946 | git: git apply: a path outside the working tree can be overwritten with crafted input | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.16 |
MEDIUM | CVE-2023-25652 | git: by feeding specially crafted input to git apply --reject, a path outside the working tree can | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.18 |
MEDIUM | CVE-2023-25815 | git: malicious placement of crafted messages when git was compiled with runtime prefix | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.18 |
MEDIUM | CVE-2023-29007 | git: arbitrary configuration injection when renaming or deleting a section from a configuration file | git | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.18 |
MEDIUM | CVE-2021-21300 | remote code execution during clone operation on case-insensitive filesystems | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.8 |
MEDIUM | CVE-2021-40330 | unexpected cross-protocol requests via a repository path containing a newline character | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.9 |
MEDIUM | CVE-2022-23521 | git: gitattributes parsing integer overflow | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.15 |
MEDIUM | CVE-2022-24765 | git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.11 |
MEDIUM | CVE-2022-29187 | git: Bypass of safe.directory protections | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.12 |
MEDIUM | CVE-2022-39253 | exposure of sensitive information to a malicious actor | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.13 |
MEDIUM | CVE-2022-39260 | git shell function that splits command arguments can lead to arbitrary heap writes. | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.13 |
MEDIUM | CVE-2022-41903 | git: Heap overflow in git archive, git log --format leading to RCE | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.15 |
MEDIUM | CVE-2023-22490 | git: data exfiltration with maliciously crafted repository | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.16 |
MEDIUM | CVE-2023-23946 | git: git apply: a path outside the working tree can be overwritten with crafted input | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.16 |
MEDIUM | CVE-2023-25652 | git: by feeding specially crafted input to git apply --reject, a path outside the working tree can | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.18 |
MEDIUM | CVE-2023-25815 | git: malicious placement of crafted messages when git was compiled with runtime prefix | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.18 |
MEDIUM | CVE-2023-29007 | git: arbitrary configuration injection when renaming or deleting a section from a configuration file | git-man | 1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.18 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gnupg | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gnupg-l10n | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gnupg-utils | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpg | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpg-agent | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpg-wks-client | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpg-wks-server | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpgconf | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpgsm | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gpgv | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.6 |
MEDIUM | CVE-2022-1271 | arbitrary-file-write vulnerability | gzip | 1.6-5ubuntu1 | 1.6-5ubuntu1.2 |
MEDIUM | CVE-2018-20217 | Reachable assertion in the KDC using S4U2Self requests | krb5-locales | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2020-28196 | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may | krb5-locales | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.2 |
MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | krb5-locales | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | krb5-locales | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | krb5-locales | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2022-25147 | apr-util: out-of-bounds writes in the apr_base64 | libaprutil1 | 1.6.1-2 | 1.6.1-2ubuntu0.1 |
MEDIUM | CVE-2022-25147 | apr-util: out-of-bounds writes in the apr_base64 | libaprutil1-dbd-sqlite3 | 1.6.1-2 | 1.6.1-2ubuntu0.1 |
MEDIUM | CVE-2022-25147 | apr-util: out-of-bounds writes in the apr_base64 | libaprutil1-ldap | 1.6.1-2 | 1.6.1-2ubuntu0.1 |
MEDIUM | CVE-2020-27350 | apt: integer overflows and underflows while parsing .deb packages | libapt-pkg5.0 | 1.6.12ubuntu0.1 | 1.6.12ubuntu0.2 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2021-3672 | c-ares: Missing input validation of host names may lead to domain hijacking | libc-ares2 | 1.14.0-1 | 1.14.0-1ubuntu0.1 |
MEDIUM | CVE-2022-4904 | c-ares: buffer overflow in config_sortlist() due to missing string length check | libc-ares2 | 1.14.0-1 | 1.14.0-1ubuntu0.2 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
MEDIUM | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libcom-err2 | 1.44.1-1ubuntu1.3 | 1.44.1-1ubuntu1.4 |
MEDIUM | CVE-2020-8285 | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
MEDIUM | CVE-2020-8286 | curl: Inferior OCSP verification | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.13 |
MEDIUM | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
MEDIUM | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.15 |
MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.15 |
MEDIUM | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
MEDIUM | CVE-2022-27782 | TLS and SSH connection too eager reuse | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.18 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.19 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.19 |
MEDIUM | CVE-2022-32221 | POST following PUT confusion | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.21 |
MEDIUM | CVE-2022-43552 | curl: Use-after-free triggered by an HTTP proxy deny response | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.22 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.23 |
MEDIUM | CVE-2023-27535 | curl: FTP too eager connection reuse | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
MEDIUM | CVE-2020-8285 | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
MEDIUM | CVE-2020-8286 | curl: Inferior OCSP verification | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.13 |
MEDIUM | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
MEDIUM | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.15 |
MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.15 |
MEDIUM | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
MEDIUM | CVE-2022-27782 | TLS and SSH connection too eager reuse | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.18 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.19 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.19 |
MEDIUM | CVE-2022-32221 | POST following PUT confusion | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.21 |
MEDIUM | CVE-2022-43552 | curl: Use-after-free triggered by an HTTP proxy deny response | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.22 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.23 |
MEDIUM | CVE-2023-27535 | curl: FTP too eager connection reuse | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
MEDIUM | CVE-2021-46143 | Integer overflow in doProlog in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-22822 | Integer overflow in addBinding in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-22823 | Integer overflow in build_model in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-22824 | Integer overflow in defineAttribute in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-22825 | Integer overflow in lookup in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-22826 | Integer overflow in nextScaffoldPart in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-22827 | Integer overflow in storeAtts in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-23852 | Integer overflow in function XML_GetBuffer | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-23990 | integer overflow in the doProlog function | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
MEDIUM | CVE-2022-25313 | Stack exhaustion in doctype parsing | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.7 |
MEDIUM | CVE-2022-25314 | expat: Integer overflow in copyString() | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.7 |
MEDIUM | CVE-2022-25315 | Integer overflow in storeRawNames() | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.7 |
MEDIUM | CVE-2022-40674 | expat: a use-after-free in the doContent function in xmlparse.c | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.8 |
MEDIUM | CVE-2022-43680 | use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.8 |
MEDIUM | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libext2fs2 | 1.44.1-1ubuntu1.3 | 1.44.1-1ubuntu1.4 |
MEDIUM | CVE-2021-40528 | ElGamal implementation allows plaintext recovery | libgcrypt20 | 1.8.1-4ubuntu1.2 | 1.8.1-4ubuntu1.3 |
MEDIUM | CVE-2022-2509 | Double free during gnutls_pkcs7_verify | libgnutls30 | 3.5.18-1ubuntu1.4 | 3.5.18-1ubuntu1.6 |
MEDIUM | CVE-2018-20217 | Reachable assertion in the KDC using S4U2Self requests | libgssapi-krb5-2 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2020-28196 | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may | libgssapi-krb5-2 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.2 |
MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libgssapi-krb5-2 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libgssapi-krb5-2 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libgssapi-krb5-2 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2021-20305 | nettle: Out of bounds memory access in signature verification | libhogweed4 | 3.4-1 | 3.4-1ubuntu0.1 |
MEDIUM | CVE-2021-3580 | Remote crash in RSA decryption via manipulated ciphertext | libhogweed4 | 3.4-1 | 3.4.1-0ubuntu0.18.04.1 |
MEDIUM | CVE-2020-8287 | HTTP request smuggling via two copies of a header field in an http request | libhttp-parser2.7.1 | 2.7.1-2 | 2.7.1-2ubuntu0.1 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2021-23358 | nodejs-underscore: Arbitrary code execution via the template function | libjs-underscore | 1.8.3~dfsg-1 | 1.8.3~dfsg-1ubuntu0.1 |
MEDIUM | CVE-2018-20217 | Reachable assertion in the KDC using S4U2Self requests | libk5crypto3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2020-28196 | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may | libk5crypto3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.2 |
MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libk5crypto3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libk5crypto3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libk5crypto3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2018-20217 | Reachable assertion in the KDC using S4U2Self requests | libkrb5-3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2020-28196 | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may | libkrb5-3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.2 |
MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libkrb5-3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libkrb5-3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libkrb5-3 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2018-20217 | Reachable assertion in the KDC using S4U2Self requests | libkrb5support0 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2020-28196 | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may | libkrb5support0 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.2 |
MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libkrb5support0 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libkrb5support0 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.4 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libkrb5support0 | 1.16-2ubuntu0.1 | 1.16-2ubuntu0.3 |
MEDIUM | CVE-2022-47629 | libksba: integer overflow to code execution | libksba8 | 1.3.5-2 | 1.3.5-2ubuntu0.18.04.2 |
MEDIUM | CVE-2020-25692 | NULL pointer dereference for unauthenticated packet in slapd | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.7 |
MEDIUM | CVE-2020-25709 | openldap: assertion failure in Certificate List syntax validation | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.8 |
MEDIUM | CVE-2020-25710 | openldap: assertion failure in CSN normalization with invalid input | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.8 |
MEDIUM | CVE-2020-36221 | openldap: Integer underflow in serialNumberAndIssuerCheck in schema_init.c | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36222 | openldap: Assertion failure in slapd in the saslAuthzTo validation | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36223 | openldap: Out-of-bounds read in Values Return Filter | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36224 | openldap: Invalid pointer free in the saslAuthzTo processing | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36225 | openldap: Double free in the saslAuthzTo processing | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36226 | openldap: Denial of service via length miscalculation in slap_parse_user | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36227 | openldap: Infinite loop in slapd with the cancel_extop Cancel operation | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36228 | openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36229 | openldap: Type confusion in ad_keystring in ad.c | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36230 | openldap: Assertion failure in ber_next_element in decode.c | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2021-27212 | Assertion failure in slapd in the issuerAndThisUpdateCheck function | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.10 |
MEDIUM | CVE-2022-29155 | OpenLDAP SQL injection | libldap-2.4-2 | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.11 |
MEDIUM | CVE-2020-25692 | NULL pointer dereference for unauthenticated packet in slapd | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.7 |
MEDIUM | CVE-2020-25709 | openldap: assertion failure in Certificate List syntax validation | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.8 |
MEDIUM | CVE-2020-25710 | openldap: assertion failure in CSN normalization with invalid input | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.8 |
MEDIUM | CVE-2020-36221 | openldap: Integer underflow in serialNumberAndIssuerCheck in schema_init.c | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36222 | openldap: Assertion failure in slapd in the saslAuthzTo validation | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36223 | openldap: Out-of-bounds read in Values Return Filter | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36224 | openldap: Invalid pointer free in the saslAuthzTo processing | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36225 | openldap: Double free in the saslAuthzTo processing | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36226 | openldap: Denial of service via length miscalculation in slap_parse_user | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36227 | openldap: Infinite loop in slapd with the cancel_extop Cancel operation | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36228 | openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36229 | openldap: Type confusion in ad_keystring in ad.c | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2020-36230 | openldap: Assertion failure in ber_next_element in decode.c | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.9 |
MEDIUM | CVE-2021-27212 | Assertion failure in slapd in the issuerAndThisUpdateCheck function | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.10 |
MEDIUM | CVE-2022-29155 | OpenLDAP SQL injection | libldap-common | 2.4.45+dfsg-1ubuntu1.6 | 2.4.45+dfsg-1ubuntu1.11 |
MEDIUM | CVE-2021-3520 | memory corruption due to an integer overflow bug caused by memmove argument | liblz4-1 | 0.0~r131-2ubuntu3 | 0.0~r131-2ubuntu3.1 |
MEDIUM | CVE-2022-1271 | arbitrary-file-write vulnerability | liblzma5 | 5.2.2-1.3 | 5.2.2-1.3ubuntu0.1 |
MEDIUM | CVE-2023-29491 | ncurses: Local users can trigger security-relevant memory corruption via malformed data | libncurses5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
MEDIUM | CVE-2023-29491 | ncurses: Local users can trigger security-relevant memory corruption via malformed data | libncursesw5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
MEDIUM | CVE-2021-20305 | nettle: Out of bounds memory access in signature verification | libnettle6 | 3.4-1 | 3.4-1ubuntu0.1 |
MEDIUM | CVE-2021-3580 | Remote crash in RSA decryption via manipulated ciphertext | libnettle6 | 3.4-1 | 3.4.1-0ubuntu0.18.04.1 |
MEDIUM | CVE-2020-29361 | integer overflow when allocating memory for arrays or attributes and object identifiers | libp11-kit0 | 0.23.9-2 | 0.23.9-2ubuntu0.1 |
MEDIUM | CVE-2020-29362 | out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c | libp11-kit0 | 0.23.9-2 | 0.23.9-2ubuntu0.1 |
MEDIUM | CVE-2020-29363 | out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c | libp11-kit0 | 0.23.9-2 | 0.23.9-2ubuntu0.1 |
MEDIUM | CVE-2021-3177 | Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c | libpython2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.6 |
MEDIUM | CVE-2021-4189 | ftplib should not use the host from the PASV response | libpython2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-0391 | urllib.parse does not sanitize URLs containing ASCII newline and tabs | libpython2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-45061 | CPU denial of service via inefficient IDNA decoder | libpython2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.10 |
MEDIUM | CVE-2021-3177 | Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c | libpython2.7-stdlib | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.6 |
MEDIUM | CVE-2021-4189 | ftplib should not use the host from the PASV response | libpython2.7-stdlib | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-0391 | urllib.parse does not sanitize URLs containing ASCII newline and tabs | libpython2.7-stdlib | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-45061 | CPU denial of service via inefficient IDNA decoder | libpython2.7-stdlib | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.10 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2020-35525 | Null pointer derreference in src/select.c | libsqlite3-0 | 3.22.0-1ubuntu0.4 | 3.22.0-1ubuntu0.6 |
MEDIUM | CVE-2022-35737 | an array-bounds overflow if billions of bytes are used in a string argument to a C API | libsqlite3-0 | 3.22.0-1ubuntu0.4 | 3.22.0-1ubuntu0.7 |
MEDIUM | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libss2 | 1.44.1-1ubuntu1.3 | 1.44.1-1ubuntu1.4 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.6 |
MEDIUM | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.7 |
MEDIUM | CVE-2022-1292 | c_rehash script allows command injection | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.9 |
MEDIUM | CVE-2022-2068 | the c_rehash script allows command injection | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.10 |
MEDIUM | CVE-2023-0215 | use-after-free following BIO_new_NDEF | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.11 |
MEDIUM | CVE-2023-2650 | openssl: Possible DoS translating ASN.1 object identifiers | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.13 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.6 |
MEDIUM | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.7 |
MEDIUM | CVE-2022-1292 | c_rehash script allows command injection | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.9 |
MEDIUM | CVE-2022-2068 | the c_rehash script allows command injection | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.10 |
MEDIUM | CVE-2023-0215 | use-after-free following BIO_new_NDEF | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.11 |
MEDIUM | CVE-2023-2650 | openssl: Possible DoS translating ASN.1 object identifiers | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.13 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.8 |
MEDIUM | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.13 |
MEDIUM | CVE-2022-1292 | c_rehash script allows command injection | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.17 |
MEDIUM | CVE-2022-2068 | the c_rehash script allows command injection | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.19 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.20 |
MEDIUM | CVE-2022-4304 | openssl: timing attack in RSA Decryption implementation | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
MEDIUM | CVE-2022-4450 | double free after calling PEM_read_bio_ex | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
MEDIUM | CVE-2023-0215 | use-after-free following BIO_new_NDEF | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
MEDIUM | CVE-2023-2650 | openssl: Possible DoS translating ASN.1 object identifiers | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.23 |
MEDIUM | CVE-2022-2526 | systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c | libsystemd0 | 237-3ubuntu10.42 | 237-3ubuntu10.56 |
MEDIUM | CVE-2022-3821 | systemd: buffer overrun in format_timespan() function | libsystemd0 | 237-3ubuntu10.42 | 237-3ubuntu10.57 |
MEDIUM | CVE-2023-29491 | ncurses: Local users can trigger security-relevant memory corruption via malformed data | libtinfo5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
MEDIUM | CVE-2022-2526 | systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c | libudev1 | 237-3ubuntu10.42 | 237-3ubuntu10.56 |
MEDIUM | CVE-2022-3821 | systemd: buffer overrun in format_timespan() function | libudev1 | 237-3ubuntu10.42 | 237-3ubuntu10.57 |
MEDIUM | CVE-2018-16860 | samba: S4U2Self with unkeyed checksum | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ... | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-3116 | | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
MEDIUM | CVE-2022-3437 | samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ... | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.2 |
MEDIUM | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ... | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.3 |
MEDIUM | CVE-2022-45142 | samba: CVE-2022-3437 fix introduced a logic inversion | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.4 |
MEDIUM | CVE-2021-31535 | missing request length checks | libx11-6 | 2:1.6.4-3ubuntu0.3 | 2:1.6.4-3ubuntu0.4 |
MEDIUM | CVE-2021-31535 | missing request length checks | libx11-data | 2:1.6.4-3ubuntu0.3 | 2:1.6.4-3ubuntu0.4 |
MEDIUM | CVE-2016-3709 | Incorrect server side include parsing can lead to XSS | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.7 |
MEDIUM | CVE-2021-3516 | libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.4 |
MEDIUM | CVE-2021-3517 | libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.4 |
MEDIUM | CVE-2021-3518 | libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.4 |
MEDIUM | CVE-2021-3537 | NULL pointer dereference when post-validating mixed content parsed in recovery mode | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.4 |
MEDIUM | CVE-2022-23308 | Use-after-free of ID and IDREF attributes | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.5 |
MEDIUM | CVE-2022-29824 | integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.6 |
MEDIUM | CVE-2022-40303 | libxml2: integer overflows with XML_PARSE_HUGE | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.8 |
MEDIUM | CVE-2022-40304 | libxml2: dict corruption caused by entity reference cycles | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.8 |
MEDIUM | CVE-2023-28484 | libxml2: NULL dereference in xmlSchemaFixupComplexType | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.9 |
MEDIUM | CVE-2023-29469 | libxml2: Hashing of empty dict strings isn't deterministic | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.9 |
MEDIUM | CVE-2019-5815 | chromium-browser: Heap buffer overflow in Blink | libxslt1.1 | 1.1.29-5ubuntu0.2 | 1.1.29-5ubuntu0.3 |
MEDIUM | CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ... | libxslt1.1 | 1.1.29-5ubuntu0.2 | 1.1.29-5ubuntu0.3 |
MEDIUM | CVE-2021-24031 | adds read permissions to files while being compressed or uncompressed | libzstd1 | 1.3.3+dfsg-2ubuntu1.1 | 1.3.3+dfsg-2ubuntu1.2 |
MEDIUM | CVE-2021-24032 | Race condition allows attacker to access world-readable destination file | libzstd1 | 1.3.3+dfsg-2ubuntu1.1 | 1.3.3+dfsg-2ubuntu1.2 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
MEDIUM | CVE-2023-29491 | ncurses: Local users can trigger security-relevant memory corruption via malformed data | ncurses-base | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
MEDIUM | CVE-2023-29491 | ncurses: Local users can trigger security-relevant memory corruption via malformed data | ncurses-bin | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
MEDIUM | CVE-2022-3517 | nodejs-minimatch: ReDoS via the braceExpand function | node-minimatch | 3.0.4-3 | 3.0.4-3+deb10u1build0.18.04.1 |
MEDIUM | CVE-2021-23358 | nodejs-underscore: Arbitrary code execution via the template function | node-underscore | 1.8.3~dfsg-1 | 1.8.3~dfsg-1ubuntu0.1 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.8 |
MEDIUM | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.13 |
MEDIUM | CVE-2022-1292 | c_rehash script allows command injection | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.17 |
MEDIUM | CVE-2022-2068 | the c_rehash script allows command injection | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.19 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.20 |
MEDIUM | CVE-2022-4304 | openssl: timing attack in RSA Decryption implementation | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
MEDIUM | CVE-2022-4450 | double free after calling PEM_read_bio_ex | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
MEDIUM | CVE-2023-0215 | use-after-free following BIO_new_NDEF | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.21 |
MEDIUM | CVE-2023-2650 | openssl: Possible DoS translating ASN.1 object identifiers | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.23 |
MEDIUM | CVE-2022-40897 | pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py | python-pkg-resources | 39.0.1-2 | 39.0.1-2ubuntu0.1 |
MEDIUM | CVE-2021-3177 | Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c | python2.7 | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.6 |
MEDIUM | CVE-2021-4189 | ftplib should not use the host from the PASV response | python2.7 | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-0391 | urllib.parse does not sanitize URLs containing ASCII newline and tabs | python2.7 | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-45061 | CPU denial of service via inefficient IDNA decoder | python2.7 | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.10 |
MEDIUM | CVE-2021-3177 | Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c | python2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.6 |
MEDIUM | CVE-2021-4189 | ftplib should not use the host from the PASV response | python2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-0391 | urllib.parse does not sanitize URLs containing ASCII newline and tabs | python2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.7 |
MEDIUM | CVE-2022-45061 | CPU denial of service via inefficient IDNA decoder | python2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.10 |
MEDIUM | CVE-2022-48303 | heap buffer overflow at from_header() in list.c via specially crafted checksum | tar | 1.29b-2ubuntu0.1 | 1.29b-2ubuntu0.4 |
MEDIUM | CVE-2022-1271 | arbitrary-file-write vulnerability | xz-utils | 5.2.2-1.3 | 5.2.2-1.3ubuntu0.1 |
MEDIUM | CVE-2018-25032 | A flaw found in zlib when compressing (not decompressing) certain inputs | zlib1g | 1:1.2.11.dfsg-0ubuntu2 | 1:1.2.11.dfsg-0ubuntu2.1 |
MEDIUM | CVE-2022-37434 | heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra fie | zlib1g | 1:1.2.11.dfsg-0ubuntu2 | 1:1.2.11.dfsg-0ubuntu2.2 |
MEDIUM | CVE-2022-33987 | nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets | got | 7.1.0 | 12.1.0, 11.8.5 |
MEDIUM | CVE-2022-33987 | nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets | got | 8.3.2 | 12.1.0, 11.8.5 |
MEDIUM | CVE-2021-41182 | jquery-ui: XSS in the altField option of the datepicker widget | jquery-ui | 1.11.4 | 1.13.0 |
MEDIUM | CVE-2021-41183 | jquery-ui: XSS in *Text options of the datepicker widget | jquery-ui | 1.11.4 | 1.13.0 |
MEDIUM | CVE-2021-41184 | jquery-ui: XSS in the 'of' option of the .position() util | jquery-ui | 1.11.4 | 1.13.0 |
MEDIUM | CVE-2022-31160 | XSS when refreshing a checkboxradio with an HTML-like initial text label | jquery-ui | 1.11.4 | 1.13.2 |
MEDIUM | CVE-2017-16022 | Cross-Site Scripting in morris.js | morris.js | 0.5.0 | |
MEDIUM | CVE-2017-16022 | Cross-Site Scripting in morris.js | morris.js | 0.5.0 | |
MEDIUM | NSWG-ECO-307 | XSS in Hover Over Label Names | morris.js | 0.5.0 | <0.0.0 |
MEDIUM | NSWG-ECO-307 | XSS in Hover Over Label Names | morris.js | 0.5.0 | <0.0.0 |
MEDIUM | CVE-2022-25883 | nodejs-semver: Regular expression denial of service | semver | 5.7.1 | 7.5.2, 6.3.1, 5.7.2 |
MEDIUM | CVE-2022-25883 | nodejs-semver: Regular expression denial of service | semver | 6.3.0 | 7.5.2, 6.3.1, 5.7.2 |
MEDIUM | CVE-2022-23491 | untrusted root certificates | certifi | 2021.10.8 | 2022.12.07 |
MEDIUM | CVE-2023-23931 | python-cryptography: memory corruption via immutable objects | cryptography | 38.0.4 | 39.0.1 |
MEDIUM | CVE-2023-32681 | python-requests: Unintended leak of Proxy-Authorization header | requests | 2.26.0 | 2.31.0 |
MEDIUM | GHSA-74m5-2c7w-9w3x | MultipartParser denial of service with too many fields or files | starlette | 0.16.0 | 0.25.0 |
LOW | CVE-2020-35452 | httpd: Single zero byte stack overflow in mod_auth_digest | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
LOW | CVE-2022-22721 | Possible buffer overflow with very large or unlimited LimitXMLRequestBody | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
LOW | CVE-2022-28614 | httpd: Out-of-bounds read via ap_rwrite() | apache2 | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
LOW | CVE-2020-35452 | httpd: Single zero byte stack overflow in mod_auth_digest | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
LOW | CVE-2022-22721 | Possible buffer overflow with very large or unlimited LimitXMLRequestBody | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
LOW | CVE-2022-28614 | httpd: Out-of-bounds read via ap_rwrite() | apache2-bin | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
LOW | CVE-2020-35452 | httpd: Single zero byte stack overflow in mod_auth_digest | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
LOW | CVE-2022-22721 | Possible buffer overflow with very large or unlimited LimitXMLRequestBody | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
LOW | CVE-2022-28614 | httpd: Out-of-bounds read via ap_rwrite() | apache2-data | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
LOW | CVE-2020-35452 | httpd: Single zero byte stack overflow in mod_auth_digest | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.16 |
LOW | CVE-2022-22721 | Possible buffer overflow with very large or unlimited LimitXMLRequestBody | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.22 |
LOW | CVE-2022-28614 | httpd: Out-of-bounds read via ap_rwrite() | apache2-utils | 2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.24 |
LOW | CVE-2019-18276 | when effective UID is not equal to its real UID the saved UID is not dropped | bash | 4.4.18-2ubuntu1.2 | 4.4.18-2ubuntu1.3 |
LOW | CVE-2020-8284 | curl: FTP PASV command response can cause curl to connect to arbitrary host | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
LOW | CVE-2021-22898 | TELNET stack contents disclosure | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
LOW | CVE-2022-27776 | curl: auth/cookie leak on redirect | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
LOW | CVE-2022-27781 | CERTINFO never-ending busy-loop | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.18 |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.20 |
LOW | CVE-2023-27533 | TELNET option IAC injection | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27534 | SFTP path ~ resolving discrepancy | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27536 | curl: GSS delegation too eager connection re-use | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27538 | SSH connection too eager reuse still | curl | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | dirmngr | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gnupg | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gnupg-l10n | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gnupg-utils | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpg | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpg-agent | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpg-wks-client | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpg-wks-server | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpgconf | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpgsm | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-13050 | GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack | gpgv | 2.2.4-1ubuntu1.3 | 2.2.4-1ubuntu1.5 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libasn1-8-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2016-10228 | glibc: iconv program can hang when invoked with the -c option | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2019-25013 | buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-27618 | glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-29562 | glibc: assertion failure in iconv when converting invalid UCS4 | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-6096 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-3326 | Assertion failure in ISO-2022-JP-3 gconv module related to combining characters | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-35942 | Arbitrary read in wordexp() | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | libc-bin | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2016-10228 | glibc: iconv program can hang when invoked with the -c option | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2019-25013 | buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-27618 | glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-29562 | glibc: assertion failure in iconv when converting invalid UCS4 | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-6096 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-3326 | Assertion failure in ISO-2022-JP-3 gconv module related to combining characters | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-35942 | Arbitrary read in wordexp() | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | libc6 | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-8284 | curl: FTP PASV command response can cause curl to connect to arbitrary host | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
LOW | CVE-2021-22898 | TELNET stack contents disclosure | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
LOW | CVE-2022-27776 | curl: auth/cookie leak on redirect | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
LOW | CVE-2022-27781 | CERTINFO never-ending busy-loop | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.18 |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.20 |
LOW | CVE-2023-27533 | TELNET option IAC injection | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27534 | SFTP path ~ resolving discrepancy | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27536 | curl: GSS delegation too eager connection re-use | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27538 | SSH connection too eager reuse still | libcurl3-gnutls | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2020-8284 | curl: FTP PASV command response can cause curl to connect to arbitrary host | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.12 |
LOW | CVE-2021-22898 | TELNET stack contents disclosure | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.14 |
LOW | CVE-2022-27776 | curl: auth/cookie leak on redirect | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.17 |
LOW | CVE-2022-27781 | CERTINFO never-ending busy-loop | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.18 |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.20 |
LOW | CVE-2023-27533 | TELNET option IAC injection | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27534 | SFTP path ~ resolving discrepancy | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27536 | curl: GSS delegation too eager connection re-use | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2023-27538 | SSH connection too eager reuse still | libcurl4 | 7.58.0-2ubuntu3.10 | 7.58.0-2ubuntu3.24 |
LOW | CVE-2021-45960 | Large number of prefixed XML attributes on a single tag can crash libexpat | libexpat1 | 2.2.5-3ubuntu0.2 | 2.2.5-3ubuntu0.4 |
LOW | CVE-2021-33560 | mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack ag | libgcrypt20 | 1.8.1-4ubuntu1.2 | 1.8.1-4ubuntu1.3 |
LOW | CVE-2021-43618 | Integer overflow and resultant buffer overflow via crafted input | libgmp10 | 2:6.1.2+dfsg-2 | 2:6.1.2+dfsg-2ubuntu0.1 |
LOW | CVE-2021-4209 | Null pointer dereference in MD_UPDATE | libgnutls30 | 3.5.18-1ubuntu1.4 | 3.5.18-1ubuntu1.6 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libgssapi3-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libhcrypto4-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libheimbase1-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libheimntlm0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2018-16869 | Leaky data conversion exposing a manager oracle | libhogweed4 | 3.4-1 | 3.4.1-0ubuntu0.18.04.1 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libhx509-5-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2020-21913 | icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp | libicu60 | 60.2-3ubuntu3.1 | 60.2-3ubuntu3.2 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libkrb5-26-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2019-17594 | heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c | libncurses5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17595 | heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c | libncurses5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | libncurses5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2022-29458 | segfaulting OOB read | libncurses5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17594 | heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c | libncursesw5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17595 | heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c | libncursesw5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | libncursesw5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2022-29458 | segfaulting OOB read | libncursesw5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2018-16869 | Leaky data conversion exposing a manager oracle | libnettle6 | 3.4-1 | 3.4.1-0ubuntu0.18.04.1 |
LOW | CVE-2022-28321 | pam: authentication bypass for SSH logins | libpam-modules | 1.1.8-3.6ubuntu2.18.04.2 | 1.1.8-3.6ubuntu2.18.04.4 |
LOW | CVE-2022-28321 | pam: authentication bypass for SSH logins | libpam-modules-bin | 1.1.8-3.6ubuntu2.18.04.2 | 1.1.8-3.6ubuntu2.18.04.4 |
LOW | CVE-2022-28321 | pam: authentication bypass for SSH logins | libpam-runtime | 1.1.8-3.6ubuntu2.18.04.2 | 1.1.8-3.6ubuntu2.18.04.4 |
LOW | CVE-2022-28321 | pam: authentication bypass for SSH logins | libpam0g | 1.1.8-3.6ubuntu2.18.04.2 | 1.1.8-3.6ubuntu2.18.04.4 |
LOW | CVE-2019-20838 | pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 | libpcre3 | 2:8.39-9 | 2:8.39-9ubuntu0.1 |
LOW | CVE-2020-14155 | pcre: Integer overflow when parsing callout numeric arguments | libpcre3 | 2:8.39-9 | 2:8.39-9ubuntu0.1 |
LOW | CVE-2015-20107 | python: mailcap: findmatch() function does not sanitize the second argument | libpython2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.8 |
LOW | CVE-2015-20107 | python: mailcap: findmatch() function does not sanitize the second argument | libpython2.7-stdlib | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.8 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libroken18-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-36084 | libsepol: use-after-free in __cil_verify_classperms() | libsepol1 | 2.7-1 | 2.7-1ubuntu0.1 |
LOW | CVE-2021-36085 | libsepol: use-after-free in __cil_verify_classperms() | libsepol1 | 2.7-1 | 2.7-1ubuntu0.1 |
LOW | CVE-2021-36086 | use-after-free in cil_reset_classpermission() | libsepol1 | 2.7-1 | 2.7-1ubuntu0.1 |
LOW | CVE-2021-36087 | libsepol: heap-based buffer overflow in ebitmap_match_any() | libsepol1 | 2.7-1 | 2.7-1ubuntu0.1 |
LOW | CVE-2021-36690 | A segmentation fault can occur in the sqlite3.exe command-line compone ... | libsqlite3-0 | 3.22.0-1ubuntu0.4 | 3.22.0-1ubuntu0.5 |
LOW | CVE-2021-23840 | integer overflow in CipherUpdate | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.6 |
LOW | CVE-2023-0464 | openssl: Denial of service by excessive resource usage in verifying X509 policy constraints | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.12 |
LOW | CVE-2023-0465 | openssl: Invalid certificate policies in leaf certificates are silently ignored | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.12 |
LOW | CVE-2023-0466 | openssl: Certificate policy check not enabled | libssl1.0-dev | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.12 |
LOW | CVE-2021-23840 | integer overflow in CipherUpdate | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.6 |
LOW | CVE-2023-0464 | openssl: Denial of service by excessive resource usage in verifying X509 policy constraints | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.12 |
LOW | CVE-2023-0465 | openssl: Invalid certificate policies in leaf certificates are silently ignored | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.12 |
LOW | CVE-2023-0466 | openssl: Certificate policy check not enabled | libssl1.0.0 | 1.0.2n-1ubuntu5.4 | 1.0.2n-1ubuntu5.12 |
LOW | CVE-2021-23840 | integer overflow in CipherUpdate | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.8 |
LOW | CVE-2023-0464 | openssl: Denial of service by excessive resource usage in verifying X509 policy constraints | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.22 |
LOW | CVE-2023-0465 | openssl: Invalid certificate policies in leaf certificates are silently ignored | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.22 |
LOW | CVE-2023-0466 | openssl: Certificate policy check not enabled | libssl1.1 | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.22 |
LOW | CVE-2020-13529 | systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t | libsystemd0 | 237-3ubuntu10.42 | 237-3ubuntu10.49 |
LOW | CVE-2019-17594 | heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c | libtinfo5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17595 | heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c | libtinfo5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | libtinfo5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2022-29458 | segfaulting OOB read | libtinfo5 | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2020-13529 | systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t | libudev1 | 237-3ubuntu10.42 | 237-3ubuntu10.49 |
LOW | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymou ... | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libwind0-heimdal | 7.5.0+dfsg-1 | 7.5.0+dfsg-1ubuntu0.1 |
LOW | CVE-2019-20388 | libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.4 |
LOW | CVE-2020-24977 | libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c | libxml2 | 2.9.4+dfsg1-6.1ubuntu1.3 | 2.9.4+dfsg1-6.1ubuntu1.4 |
LOW | CVE-2016-10228 | glibc: iconv program can hang when invoked with the -c option | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2019-25013 | buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-27618 | glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-29562 | glibc: assertion failure in iconv when converting invalid UCS4 | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-6096 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-3326 | Assertion failure in ISO-2022-JP-3 gconv module related to combining characters | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-35942 | Arbitrary read in wordexp() | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | locales | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2018-7169 | shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing p | login | 1:4.5-1ubuntu2 | 1:4.5-1ubuntu2.2 |
LOW | CVE-2016-10228 | glibc: iconv program can hang when invoked with the -c option | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2019-25013 | buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-27618 | glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-29562 | glibc: assertion failure in iconv when converting invalid UCS4 | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2020-6096 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-3326 | Assertion failure in ISO-2022-JP-3 gconv module related to combining characters | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2021-35942 | Arbitrary read in wordexp() | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | multiarch-support | 2.27-3ubuntu1.2 | 2.27-3ubuntu1.5 |
LOW | CVE-2019-17594 | heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c | ncurses-base | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17595 | heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c | ncurses-base | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | ncurses-base | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2022-29458 | segfaulting OOB read | ncurses-base | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17594 | heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c | ncurses-bin | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2019-17595 | heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c | ncurses-bin | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | ncurses-bin | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2022-29458 | segfaulting OOB read | ncurses-bin | 6.1-1ubuntu1.18.04 | 6.1-1ubuntu1.18.04.1 |
LOW | CVE-2021-23840 | integer overflow in CipherUpdate | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.8 |
LOW | CVE-2023-0464 | openssl: Denial of service by excessive resource usage in verifying X509 policy constraints | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.22 |
LOW | CVE-2023-0465 | openssl: Invalid certificate policies in leaf certificates are silently ignored | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.22 |
LOW | CVE-2023-0466 | openssl: Certificate policy check not enabled | openssl | 1.1.1-1ubuntu2.1~18.04.6 | 1.1.1-1ubuntu2.1~18.04.22 |
LOW | CVE-2018-7169 | shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing p | passwd | 1:4.5-1ubuntu2 | 1:4.5-1ubuntu2.2 |
LOW | CVE-2015-20107 | python: mailcap: findmatch() function does not sanitize the second argument | python2.7 | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.8 |
LOW | CVE-2015-20107 | python: mailcap: findmatch() function does not sanitize the second argument | python2.7-minimal | 2.7.17-1~18.04ubuntu1.2 | 2.7.17-1~18.04ubuntu1.8 |
LOW | CVE-2018-20482 | tar: Infinite read loop in sparse_dump_region function in sparse.c | tar | 1.29b-2ubuntu0.1 | 1.29b-2ubuntu0.2 |
LOW | CVE-2019-9923 | tar: null-pointer dereference in pax_decode_header in sparse.c | tar | 1.29b-2ubuntu0.1 | 1.29b-2ubuntu0.2 |
LOW | CVE-2021-20193 | tar: Memory leak in read_header() in list.c | tar | 1.29b-2ubuntu0.1 | 1.29b-2ubuntu0.3 |
LOW | CVE-2021-43307 | Regular expression denial of service in semver-regex | semver-regex | 2.0.0 | 3.1.4, 4.0.3 |
LOW | GHSA-5cpq-8wj7-hf2v | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.0 |
LOW | GHSA-jm77-qphf-c4w8 | pyca/cryptography's wheels include vulnerable OpenSSL | cryptography | 38.0.4 | 41.0.3 |
LOW | GHSA-v8gr-m533-ghj9 | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.4 |
LOW | CVE-2023-29159 | Starlette has Path Traversal vulnerability in StaticFiles | starlette | 0.16.0 | 0.27.0 |

Date: 2023-11-21