Search CVE reports



231 – 240 of 366 results


CVE-2015-8366

Low priority

Some fixes available 1 of 117

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

8 affected packages

darktable, kodi, xbmc, dcraw, libraw...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Vulnerable | Vulnerable | Vulnerable |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| dcraw | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Not affected |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2014-7810

Medium priority

Some fixes available 7 of 12

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release
tomcat7 Not affected
tomcat8 Not affected

CVE-2014-0230

Low priority

Some fixes available 4 of 9

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a...

3 affected packages

tomcat7, tomcat8, tomcat6

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not affected
tomcat8 Not affected
tomcat6 Not in release

CVE-2015-3885

Negligible priority

Some fixes available 2 of 54

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

10 affected packages

darktable, rawstudio, libraw, dcraw, freeimage...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected | Not affected |
| rawstudio | Not in release | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| dcraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| freeimage | Not affected | Not affected | Not affected | Not affected | Not affected |
| kodi | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
| exactimage | Not affected | Not affected | Not affected | Not affected | Not affected |
| rawtherapee | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2014-0227

Low priority

Some fixes available 4 of 9

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release
tomcat7 Not affected
tomcat8 Not affected

CVE-2014-3248

Low priority

Some fixes available 1 of 19

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby...

4 affected packages

facter, mcollective, puppet, ruby-hiera

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| facter | Not affected | Not affected | Not affected | Not affected | Not affected |
| mcollective | Not in release | Not affected | Not affected | Not affected | Not affected |
| puppet | Not in release | Not in release | Not affected | Not affected | Not affected |
| ruby-hiera | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2013-4444

Medium priority
Ignored

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading...

1 affected package

tomcat7

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7

CVE-2014-3251

Medium priority
Ignored

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish...

1 affected package

mcollective

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mcollective Not affected

CVE-2014-3800

Medium priority
Ignored

XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.

1 affected package

xbmc

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xbmc Not in release

CVE-2014-0186

Medium priority
Not affected

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an...

1 affected package

tomcat7

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7