Search CVE reports
191 – 200 of 366 results
Some fixes available 3 of 111
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100"...
12 affected packages
dcraw, darktable, exactimage, kodi, rawtherapee...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| flphoto | Not in release | Not in release | Not in release | Not in release | Not in release |
| freeimage | Not affected | Not affected | Not affected | Not affected | Not affected |
| graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
| rawstudio | Not in release | Not in release | Not in release | Not in release | Not in release |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 3 of 109
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
12 affected packages
darktable, flphoto, dcraw, exactimage, kodi...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| flphoto | Not in release | Not in release | Not in release | Not in release | Not in release |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| rawstudio | Not in release | Not in release | Not in release | Not in release | Not in release |
| freeimage | Not affected | Not affected | Not affected | Not affected | Not affected |
| graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for...
2 affected packages
tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | — | — |
| tomcat9 | — | — | — | — | — |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE...
2 affected packages
tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | — | — |
| tomcat9 | — | — | — | — | — |
Some fixes available 3 of 7
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object....
3 affected packages
tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 3 of 9
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being...
3 affected packages
tomcat8, tomcat7, tomcat6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Not in release |
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be...
1 affected package
tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | — | — |
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated...
2 affected packages
kodi, xbmc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kodi | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Vulnerable |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 3 of 6
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers...
1 affected package
libtomcrypt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libtomcrypt | — | — | — | — | Not affected |
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
1 affected package
mcollective
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mcollective | — | — | — | — | Not affected |