Search CVE reports
31 – 40 of 31050 results
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration...
1 affected package
jupyter-core
| Package | 20.04 LTS |
|---|---|
| jupyter-core | Needs evaluation |
When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session
1 affected package
samba
| Package | 20.04 LTS |
|---|---|
| samba | Not affected |
[Netrc credential leak in PSF requests library]
2 affected packages
python-pip, requests
| Package | 20.04 LTS |
|---|---|
| python-pip | Needs evaluation |
| requests | Needs evaluation |
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
| Package | 20.04 LTS |
|---|---|
| python2.7 | Not affected |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Not affected |
| python3.9 | Not affected |
Not in release
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to...
1 affected package
grafana
| Package | 20.04 LTS |
|---|---|
| grafana | Not in release |
Not in release
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: -...
1 affected package
grafana
| Package | 20.04 LTS |
|---|---|
| grafana | Not in release |
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
| Package | 20.04 LTS |
|---|---|
| qt6-base | Not in release |
| qtbase-opensource-src | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation |
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP...
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
3 affected packages
redict, redis, valkey
| Package | 20.04 LTS |
|---|---|
| redict | Not in release |
| redis | Needs evaluation |
| valkey | Not in release |
Not in release
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set...
1 affected package
python-signxml
| Package | 20.04 LTS |
|---|---|
| python-signxml | Not in release |