Search CVE reports
251 – 260 of 37865 results
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with `secrets:`. If cookie decryption fails, the implementation...
2 affected packages
ruby-rack-session, ruby-rack
| Package | 22.04 LTS |
|---|---|
| ruby-rack-session | Not in release |
| ruby-rack | Needs evaluation |
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single...
1 affected package
cockpit
| Package | 22.04 LTS |
|---|---|
| cockpit | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are...
1 affected package
cups
| Package | 22.04 LTS |
|---|---|
| cups | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any...
1 affected package
cups
| Package | 22.04 LTS |
|---|---|
| cups | Needs evaluation |
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI...
1 affected package
ruby-addressable
| Package | 22.04 LTS |
|---|---|
| ruby-addressable | Needs evaluation |
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the...
1 affected package
libssh
| Package | 22.04 LTS |
|---|---|
| libssh | Not affected |
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or...
1 affected package
libarchive
| Package | 22.04 LTS |
|---|---|
| libarchive | Vulnerable |
Memory-safety vulnerability in github.com/jackc/pgx/v5.
1 affected package
golang-github-jackc-pgx-v5
| Package | 22.04 LTS |
|---|---|
| golang-github-jackc-pgx-v5 | Not in release |
Memory-safety vulnerability in github.com/jackc/pgx/v5.
1 affected package
golang-github-jackc-pgx-v5
| Package | 22.04 LTS |
|---|---|
| golang-github-jackc-pgx-v5 | Not in release |
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 22.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Not in release |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |