Search CVE reports
Some fixes available 12 of 55
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
9 affected packages
ufraw, xbmc, darktable, exactimage, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ufraw | Not in release | Not in release | Not in release | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release |
| darktable | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Fixed | Fixed | Fixed | Ignored |
| dcraw | Needs evaluation | Needs evaluation | Ignored | Ignored |
| digikam | Not affected | Fixed | Fixed | Fixed |
| kodi | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Ignored | Ignored |
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
9 affected packages
lua5.2, lua5.3, lua5.4, lua50, memcached...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lua5.2 | Not affected | Not affected | Not affected | Not affected |
| lua5.3 | Not affected | Not affected | Not affected | Not affected |
| lua5.4 | Not affected | Not affected | Not in release | Not in release |
| lua50 | Not in release | Not in release | Not affected | Not affected |
| memcached | Not affected | Not affected | Not affected | Not affected |
| tup | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lua5.1 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 8 of 14
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to...
6 affected packages
tomcat10, tomcat8, tomcat9, tomcat6, tomcat7, tomcat11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat10 | Not affected | Not in release | Not in release | Not in release |
| tomcat8 | — | Not in release | Not in release | Fixed |
| tomcat9 | Fixed | Fixed | Fixed | Fixed |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat11 | Not in release | Not in release | Not in release | Not in release |
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This...
1 affected package
libmemcached
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmemcached | — | Not affected | Not affected | Not affected |
Some fixes available 10 of 54
Buffer overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Ignored | Ignored |
| dcraw | Needs evaluation | Needs evaluation | Ignored | Ignored |
| digikam | Not affected | Not affected | Fixed | Not affected |
| exactimage | Needs evaluation | Needs evaluation | Ignored | Ignored |
| kodi | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Fixed | Fixed | Fixed | Vulnerable |
| rawtherapee | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ufraw | — | Not in release | Not in release | Ignored |
| xbmc | — | Not in release | Not in release | Not in release |
Buffer overflow vulnerability in authfile.c in memcached 1.6.9 allows attackers to cause a denial of service via a crafted authentication file.
1 affected package
memcached
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| memcached | Not affected | Not affected | Vulnerable | Not affected |
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user-provided data and it was...
5 affected packages
tomcat9, tomcat8, tomcat6, tomcat7, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Not affected | Vulnerable | Not affected | Not affected |
| tomcat8 | — | Not in release | Not in release | Not affected |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Ignored |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that...
1 affected package
tinymce
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tinymce | — | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 4 of 8
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | — | Not in release | Not in release | Not in release |
| tomcat7 | — | Not in release | Not in release | Not affected |
| tomcat8 | — | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release |
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0...
4 affected packages
tomcat9, tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Not affected | Vulnerable | Vulnerable | Vulnerable |
| tomcat6 | — | Not in release | Not in release | Not in release |
| tomcat7 | — | Not in release | Not in release | Needs evaluation |
| tomcat8 | — | Not in release | Not in release | Vulnerable |