Search CVE reports
101 – 110 of 29881 results
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey...
1 affected package
gokey
| Package | 24.04 LTS |
|---|---|
| gokey | Needs evaluation |
Not in release
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
1 affected package
liblivemedia
| Package | 24.04 LTS |
|---|---|
| liblivemedia | Not in release |
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS |
|---|---|
| python2.7 | Not in release |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Not in release |
| python3.11 | Not in release |
| python3.12 | Needs evaluation |
| python3.13 | Not in release |
| python3.14 | Not in release |
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory,...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS |
|---|---|
| python2.7 | Not in release |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Not in release |
| python3.11 | Not in release |
| python3.12 | Needs evaluation |
| python3.13 | Not in release |
| python3.14 | Not in release |
Not in release
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
1 affected package
liblivemedia
| Package | 24.04 LTS |
|---|---|
| liblivemedia | Not in release |
Not in release
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
1 affected package
liblivemedia
| Package | 24.04 LTS |
|---|---|
| liblivemedia | Not in release |
Not in release
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
1 affected package
liblivemedia
| Package | 24.04 LTS |
|---|---|
| liblivemedia | Not in release |
Not in release
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
1 affected package
liblivemedia
| Package | 24.04 LTS |
|---|---|
| liblivemedia | Not in release |