Search CVE reports
171 – 180 of 39653 results
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb`...
2 affected packages
libhttp-tiny-perl, perl
| Package | 24.04 LTS |
|---|---|
| libhttp-tiny-perl | Needs evaluation |
| perl | Needs evaluation |
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect...
1 affected package
389-ds-base
| Package | 24.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint...
1 affected package
gst-plugins-bad1.0
| Package | 24.04 LTS |
|---|---|
| gst-plugins-bad1.0 | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Needs evaluation |
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the...
1 affected package
389-ds-base
| Package | 24.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence...
1 affected package
perl
| Package | 24.04 LTS |
|---|---|
| perl | Not affected |
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to...
1 affected package
sssd
| Package | 24.04 LTS |
|---|---|
| sssd | Needs evaluation |
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to...
1 affected package
sssd
| Package | 24.04 LTS |
|---|---|
| sssd | Needs evaluation |