Search CVE reports
181 – 190 of 366 results
Some fixes available 3 of 95
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
8 affected packages
darktable, exactimage, dcraw, kodi, rawtherapee...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
Some fixes available 4 of 96
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
8 affected packages
dcraw, exactimage, kodi, rawtherapee, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 80
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
8 affected packages
darktable, dcraw, kodi, xbmc, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected | Not affected |
| dcraw | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ufraw | Not in release | Not in release | Not in release | Not in release | Vulnerable |
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a...
2 affected packages
tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | — |
| tomcat8 | — | — | — | — | — |
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat7 | — | — | — | — | — |
| tomcat8 | — | — | — | — | — |
Some fixes available 3 of 5
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and...
2 affected packages
tomcat8, tomcat7
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file.
3 affected packages
xbmc, xine-lib, xine-lib-1.2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xbmc | — | — | Not in release | Not in release | Not in release |
| xine-lib | — | — | Not in release | Not in release | Not in release |
| xine-lib-1.2 | — | — | Not affected | Not affected | Not affected |
Some fixes available 3 of 5
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned...
1 affected package
memcached
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | — | — | — | — | — |
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been...
1 affected package
mcollective
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mcollective | Not in release | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 3 of 8
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This...
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |