Search CVE reports


Toggle filters

381 – 390 of 1279 results


CVE-2022-41727

Medium priority
Needs evaluation

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

1 affected package

golang-golang-x-image

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-image Not affected Not affected Needs evaluation Ignored Ignored
Show less packages

CVE-2022-41723

Medium priority

Some fixes available 23 of 38

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

20 affected packages

adsys, containerd, golang, golang-1.10, golang-1.13...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
adsys Not affected Not affected Not affected Fixed
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Not in release Vulnerable Not in release
golang-1.16 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Not in release Fixed Not in release Not in release
golang-1.18 Not in release Not in release Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not in release Not affected Not affected Not in release
golang-1.21 Not in release Not affected Not affected Not affected Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Not in release Vulnerable
golang-golang-x-net Not affected Not affected Fixed Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Not in release Fixed Fixed
google-guest-agent Fixed Fixed Fixed Fixed Fixed
juju-core Not in release Not in release Not in release
lxd Not in release Not in release Not in release Not affected Fixed
Show all 20 packages Show less packages

CVE-2021-33367

Medium priority
Vulnerable

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

1 affected package

freeimage

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freeimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-48339

Medium priority

Some fixes available 4 of 27

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...

6 affected packages

xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Fixed Fixed Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Fixed
Show less packages

CVE-2022-48338

Medium priority

Some fixes available 1 of 24

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...

6 affected packages

xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Fixed Not affected Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Not affected
Show less packages

CVE-2022-48337

Medium priority

Some fixes available 4 of 27

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...

6 affected packages

xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Not affected Fixed Fixed Not in release
emacs23 Not in release Not in release Not in release
emacs24 Not in release Not in release Not in release
emacs25 Not in release Not in release Fixed
Show less packages

CVE-2021-32142

Low priority

Some fixes available 11 of 72

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

9 affected packages

darktable, exactimage, dcraw, rawtherapee, kodi...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Not affected Not affected Fixed Not affected
libraw Fixed Fixed Fixed Fixed Vulnerable
ufraw Not in release Not in release Needs evaluation
xbmc Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2022-48110

Medium priority
Ignored

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ckeditor Not affected Not affected Not affected Not affected
ckeditor3 Not affected Not affected Not affected Not affected
ldap-account-manager Not affected Not affected Not affected Not affected
request-tracker4 Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-44268

Medium priority

Some fixes available 6 of 8

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-44267

Medium priority

Some fixes available 6 of 8

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Not affected Fixed Fixed Fixed
Show less packages