Search CVE reports
21 – 30 of 38252 results
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR...
1 affected package
openexr
| Package | 20.04 LTS |
|---|---|
| openexr | Needs evaluation |
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web...
1 affected package
activemq
| Package | 20.04 LTS |
|---|---|
| activemq | Needs evaluation |
Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
2 affected packages
golang-github-boltdb-bolt, golang-github-coreos-bbolt
| Package | 20.04 LTS |
|---|---|
| golang-github-boltdb-bolt | Needs evaluation |
| golang-github-coreos-bbolt | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by...
1 affected package
docker-registry
| Package | 20.04 LTS |
|---|---|
| docker-registry | Needs evaluation |
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances (when creating a Stomp consumer and also browsing messages in the...
1 affected package
activemq
| Package | 20.04 LTS |
|---|---|
| activemq | Needs evaluation |
Incorrect failure handling in RSA KEM RSASVE encapsulation
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |
Heap buffer overflow in hexadecimal conversion
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction...
1 affected package
erlang
| Package | 20.04 LTS |
|---|---|
| erlang | Needs evaluation |
Possible NULL dereference when processing CMS KeyTransportRecipientInfo
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Vulnerable |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Possible NULL dereference when processing CMS KeyAgreeRecipientInfo
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Vulnerable |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Needs evaluation |