Search CVE reports
211 – 220 of 42416 results
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes...
4 affected packages
llvm-toolchain-18, llvm-toolchain-19, llvm-toolchain-21, llvm-toolchain-22
| Package | 20.04 LTS |
|---|---|
| llvm-toolchain-18 | Needs evaluation |
| llvm-toolchain-19 | — |
| llvm-toolchain-21 | — |
| llvm-toolchain-22 | — |
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in...
4 affected packages
llvm-toolchain-18, llvm-toolchain-19, llvm-toolchain-21, llvm-toolchain-22
| Package | 20.04 LTS |
|---|---|
| llvm-toolchain-18 | Needs evaluation |
| llvm-toolchain-19 | — |
| llvm-toolchain-21 | — |
| llvm-toolchain-22 | — |
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory...
1 affected package
attr
| Package | 20.04 LTS |
|---|---|
| attr | Needs evaluation |
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat()...
1 affected package
acl
| Package | 20.04 LTS |
|---|---|
| acl | Needs evaluation |
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate...
1 affected package
acl
| Package | 20.04 LTS |
|---|---|
| acl | Needs evaluation |
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host...
1 affected package
node-ajv
| Package | 20.04 LTS |
|---|---|
| node-ajv | Needs evaluation |
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By...
1 affected package
libxml2
| Package | 20.04 LTS |
|---|---|
| libxml2 | Ignored |
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global...
1 affected package
gzip
| Package | 20.04 LTS |
|---|---|
| gzip | Needs evaluation |
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely...
1 affected package
gzip
| Package | 20.04 LTS |
|---|---|
| gzip | Needs evaluation |
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or...
1 affected package
libzypp
| Package | 20.04 LTS |
|---|---|
| libzypp | Needs evaluation |