Search CVE reports
21 – 30 of 42615 results
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the...
1 affected package
coturn
| Package | 20.04 LTS |
|---|---|
| coturn | Needs evaluation |
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An...
1 affected package
coturn
| Package | 20.04 LTS |
|---|---|
| coturn | Needs evaluation |
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The...
1 affected package
coturn
| Package | 20.04 LTS |
|---|---|
| coturn | Needs evaluation |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.cc...
1 affected package
modsecurity
| Package | 20.04 LTS |
|---|---|
| modsecurity | Needs evaluation |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks...
1 affected package
modsecurity
| Package | 20.04 LTS |
|---|---|
| modsecurity | Needs evaluation |
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version...
1 affected package
apache-log4j2
| Package | 20.04 LTS |
|---|---|
| apache-log4j2 | Needs evaluation |
(In MariaDB server version through 11.8.5, when server audit plugin is ...)
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 20.04 LTS |
|---|---|
| mariadb | — |
| mariadb-10.0 | — |
| mariadb-10.1 | — |
| mariadb-10.3 | Needs evaluation |
| mariadb-10.6 | — |
(Integer overflow or wraparound vulnerability in Samsung Open Source rl ...)
1 affected package
rlottie
| Package | 20.04 LTS |
|---|---|
| rlottie | Needs evaluation |
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s...
1 affected package
wget
| Package | 20.04 LTS |
|---|---|
| wget | Needs evaluation |
(HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespa ...)
1 affected package
nomad
| Package | 20.04 LTS |
|---|---|
| nomad | Needs evaluation |