Search CVE reports
31 – 40 of 324 results
CVE-2021-45985
Medium priority
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
9 affected packages
darktable, lua5.1, lua5.2, lua5.3, lua5.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
lua5.1 | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.3 | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.4 | Not affected | Not affected | Not in release | Not in release | Not in release |
lua50 | Not in release | Not in release | Not affected | Not affected | Not affected |
memcached | Not affected | Not affected | Not affected | Not affected | Not affected |
tup | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-28708
Medium priority
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5,...
3 affected packages
tomcat10, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat10 | Needs evaluation | Not in release | Not in release | Not in release | Ignored |
tomcat8 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-27478
Medium priority
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This...
1 affected package
libmemcached
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libmemcached | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-32142
Low priority
Some fixes available 6 of 58
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libraw | Fixed | Fixed | Fixed | Vulnerable | Needs evaluation |
rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ufraw | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
xbmc | — | Not in release | Not in release | Not in release | Not in release |
CVE-2021-37519
Low priority
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file.
1 affected package
memcached
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
memcached | Not affected | Not affected | Vulnerable | Not affected | Not affected |
CVE-2022-45143
Medium priority
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was...
2 affected packages
tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat8 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2022-23494
Medium priority
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that...
1 affected package
tinymce
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinymce | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-42252
Medium priority
Some fixes available 4 of 11
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | — | Not in release | Not in release | Fixed | Not affected |
tomcat9 | Not affected | Fixed | Fixed | Fixed | Not in release |
CVE-2021-43980
Medium priority
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | Not in release | Not in release | Not in release | Needs evaluation |
tomcat7 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat8 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2020-35535
Medium priority
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |