Search CVE reports
31 – 40 of 29573 results
When using a TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 22.04 LTS |
---|---|
python2.7 | Not affected |
python3.10 | Needs evaluation |
python3.11 | Needs evaluation |
python3.12 | Not in release |
python3.13 | Not in release |
python3.4 | Not in release |
python3.5 | Not in release |
python3.6 | Not in release |
python3.7 | Not in release |
python3.8 | Not in release |
python3.9 | Not in release |
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 22.04 LTS |
---|---|
python2.7 | Not affected |
python3.10 | Needs evaluation |
python3.11 | Needs evaluation |
python3.12 | Not in release |
python3.13 | Not in release |
python3.4 | Not in release |
python3.5 | Not in release |
python3.6 | Not in release |
python3.7 | Not in release |
python3.8 | Not in release |
python3.9 | Not in release |
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 22.04 LTS |
---|---|
python2.7 | Not affected |
python3.10 | Needs evaluation |
python3.11 | Needs evaluation |
python3.12 | Not in release |
python3.13 | Not in release |
python3.4 | Not in release |
python3.5 | Not in release |
python3.6 | Not in release |
python3.7 | Not in release |
python3.8 | Not in release |
python3.9 | Not in release |
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration...
1 affected package
jupyter-core
Package | 22.04 LTS |
---|---|
jupyter-core | Needs evaluation |
When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session
1 affected package
samba
Package | 22.04 LTS |
---|---|
samba | Not affected |
[Netrc credential leak in PSF requests library]
2 affected packages
python-pip, requests
Package | 22.04 LTS |
---|---|
python-pip | Needs evaluation |
requests | Needs evaluation |
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 22.04 LTS |
---|---|
python2.7 | Not affected |
python3.10 | Needs evaluation |
python3.11 | Needs evaluation |
python3.12 | Not in release |
python3.13 | Not in release |
python3.4 | Not in release |
python3.5 | Not in release |
python3.6 | Not in release |
python3.7 | Not in release |
python3.8 | Not in release |
python3.9 | Not in release |
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to...
1 affected package
grafana
Package | 22.04 LTS |
---|---|
grafana | Not in release |
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: -...
1 affected package
grafana
Package | 22.04 LTS |
---|---|
grafana | Not in release |
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 22.04 LTS |
---|---|
qt6-base | Needs evaluation |
qtbase-opensource-src | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation |