Search CVE reports



21 – 30 of 36 results


CVE-2020-15114

Medium priority

Some fixes available 2 of 5

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of...

1 affected package

etcd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| etcd | Not affected | Not affected | Fixed | Fixed | Needs evaluation |

CVE-2020-15115

Low priority
Needs evaluation

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords...

1 affected package

etcd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| etcd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-15113

Medium priority

Some fixes available 2 of 12

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with...

1 affected package

etcd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Fixed | Fixed | Vulnerable |

CVE-2020-15112

Medium priority

Some fixes available 2 of 12

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as...

1 affected package

etcd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Fixed | Fixed | Vulnerable |

CVE-2020-15106

Medium priority

Some fixes available 2 of 12

In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is...

1 affected package

etcd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Fixed | Fixed | Vulnerable |

CVE-2019-20202

Medium priority
Needs evaluation

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.

5 affected packages

mapcache, navit, netcdf, netcdf-parallel, scilab

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-20201

Medium priority
Needs evaluation

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.

4 affected packages

mapcache, netcdf, netcdf-parallel, scilab

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-20200

Medium priority
Needs evaluation

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.

5 affected packages

mapcache, navit, netcdf, netcdf-parallel, scilab

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-20199

Low priority
Vulnerable

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strlen() on a NULL pointer.

4 affected packages

mapcache, netcdf, netcdf-parallel, scilab

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
| netcdf | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release | Ignored |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |

CVE-2019-20198

Medium priority
Needs evaluation

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.

5 affected packages

mapcache, navit, netcdf, netcdf-parallel, scilab

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |