CVE-2023-24329 | python3.8 | 3.8.10-0ubuntu1~20.04.6 | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
CVE-2022-0391 | python2.7 | 2.7.18-1~20.04.3 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. |
CVE-2021-4189 | python2.7 | 2.7.18-1~20.04.3 | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. |
CVE-2023-24329 | python2.7 | 2.7.18-1~20.04.3 | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
CVE-2016-1585 | apparmor | 2.13.3-7ubuntu5.1 | In all versions of AppArmor mount rules are accidentally widened when compiled. |
CVE-2022-48303 | tar | 1.30+dfsg-7ubuntu0.20.04.2 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. |
CVE-2023-23916 | curl | 7.68.0-1ubuntu2.15 | An allocation of resources without limits or throttling vulnerability exists in curl |
CVE-2023-27535 | curl | 7.68.0-1ubuntu2.15 | FTP too eager connection reuse |
CVE-2021-37750 | krb5 | 1.17-6ubuntu4.2 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
CVE-2021-36222 | krb5 | 1.17-6ubuntu4.2 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. |
CVE-2023-0361 | gnutls28 | 3.6.13-2ubuntu1.7 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. |
CVE-2022-4415 | systemd | 245.4-4ubuntu3.19 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. |
CVE-2022-3821 | systemd | 245.4-4ubuntu3.19 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. |
CVE-2021-31879 | wget | 1.20.3-1ubuntu2 | GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. |