Search CVE reports
41 – 50 of 324 results
CVE-2020-35534
Medium priorityIn LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-35533
Medium prioritySome fixes available 2 of 53
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Fixed | Fixed | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-35532
Medium prioritySome fixes available 2 of 53
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Fixed | Fixed | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-35531
Medium prioritySome fixes available 2 of 53
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Fixed | Fixed | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-35530
Medium prioritySome fixes available 2 of 53
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
9 affected packages
darktable, dcraw, digikam, exactimage, kodi...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Fixed | Fixed | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2022-34305
Low priorityIn Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2022-25762
Medium priorityIf a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | Needs evaluation | Needs evaluation |
| tomcat9 | Not affected | Not affected | Not affected | Needs evaluation | — |
CVE-2022-29885
Low prioritySome fixes available 4 of 5
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network....
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | Fixed | Not affected |
| tomcat9 | Not affected | Fixed | Fixed | Fixed | — |
CVE-2022-26635
Medium priority** DISPUTED ** PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.
1 affected packages
php-memcached
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-memcached | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-23181
Low prioritySome fixes available 4 of 8
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | Fixed | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Ignored |