Search CVE reports
1 – 10 of 27992 results
CVE-2021-3978
Medium priorityNot in release
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root...
1 affected package
cfrpki
| Package | 20.04 LTS |
|---|---|
| cfrpki | Not in release |
CVE-2024-57965
Medium priorityIn axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses...
1 affected package
node-axios
| Package | 20.04 LTS |
|---|---|
| node-axios | Needs evaluation |
CVE-2025-0577
Medium priority[Unknown description]
2 affected packages
eglibc, glibc
| Package | 20.04 LTS |
|---|---|
| eglibc | Not in release |
| glibc | Needs evaluation |
CVE-2024-9042
Medium priority[Unknown description]
1 affected package
kubernetes
| Package | 20.04 LTS |
|---|---|
| kubernetes | Not affected |
CVE-2024-12705
Medium priorityDNS-over-HTTPS implementation suffers from multiple issues under heavy query load
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 20.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| bind9-libs | Needs evaluation |
| isc-dhcp | Not affected |
CVE-2024-11187
Medium priorityMany records in the additional section cause CPU exhaustion
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 20.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| bind9-libs | Needs evaluation |
| isc-dhcp | Not affected |
CVE-2024-40675
Medium priorityIn parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
1 affected package
android-platform-frameworks-base
| Package | 20.04 LTS |
|---|---|
| android-platform-frameworks-base | Ignored |
CVE-2024-40673
Medium priorityIn Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional...
1 affected package
android-platform-libcore
| Package | 20.04 LTS |
|---|---|
| android-platform-libcore | Needs evaluation |
CVE-2025-0781
Medium priorityAn attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
2 affected packages
flightgear, simgear
| Package | 20.04 LTS |
|---|---|
| flightgear | Needs evaluation |
| simgear | Needs evaluation |
CVE-2025-23084
Medium priorityA vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js...
1 affected package
nodejs
| Package | 20.04 LTS |
|---|---|
| nodejs | Needs evaluation |