Search CVE reports
181 – 190 of 43740 results
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without...
1 affected package
libpgjava
| Package | 22.04 LTS |
|---|---|
| libpgjava | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Not in release
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded...
1 affected package
optee-os
| Package | 22.04 LTS |
|---|---|
| optee-os | Not in release |
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x...
1 affected package
apache-opennlp
| Package | 22.04 LTS |
|---|---|
| apache-opennlp | Needs evaluation |
Not in release
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the...
1 affected package
optee-os
| Package | 22.04 LTS |
|---|---|
| optee-os | Not in release |
Not in release
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry...
1 affected package
pydantic-settings
| Package | 22.04 LTS |
|---|---|
| pydantic-settings | Not in release |