Search CVE reports
381 – 390 of 1279 results
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
1 affected package
golang-golang-x-image
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-image | Not affected | Not affected | Needs evaluation | Ignored | Ignored |
Some fixes available 23 of 38
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
20 affected packages
adsys, containerd, golang, golang-1.10, golang-1.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| adsys | Not affected | Not affected | Not affected | Fixed | — |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not in release | Not affected | Not affected | Not in release |
| golang-1.21 | Not in release | Not affected | Not affected | Not affected | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-golang-x-net | Not affected | Not affected | Fixed | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| google-guest-agent | Fixed | Fixed | Fixed | Fixed | Fixed |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |
Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
1 affected package
freeimage
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| freeimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 4 of 27
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not...
6 affected packages
xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emacs | Not affected | Not affected | Fixed | Fixed | Not in release |
| emacs23 | — | — | Not in release | Not in release | Not in release |
| emacs24 | — | — | Not in release | Not in release | Not in release |
| emacs25 | — | — | Not in release | Not in release | Fixed |
Some fixes available 1 of 24
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c...
6 affected packages
xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emacs | Not affected | Not affected | Fixed | Not affected | Not in release |
| emacs23 | — | — | Not in release | Not in release | Not in release |
| emacs24 | — | — | Not in release | Not in release | Not in release |
| emacs25 | — | — | Not in release | Not in release | Not affected |
Some fixes available 4 of 27
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For...
6 affected packages
xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emacs | Not affected | Not affected | Fixed | Fixed | Not in release |
| emacs23 | — | — | Not in release | Not in release | Not in release |
| emacs24 | — | — | Not in release | Not in release | Not in release |
| emacs25 | — | — | Not in release | Not in release | Fixed |
Some fixes available 11 of 72
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
9 affected packages
darktable, exactimage, dcraw, rawtherapee, kodi...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| digikam | Not affected | Not affected | Not affected | Fixed | Not affected |
| libraw | Fixed | Fixed | Fixed | Fixed | Vulnerable |
| ufraw | — | — | Not in release | Not in release | Needs evaluation |
| xbmc | — | — | Not in release | Not in release | Not in release |
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ckeditor | — | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | — | Not affected | Not affected | Not affected | Not affected |
| ldap-account-manager | — | Not affected | Not affected | Not affected | Not affected |
| request-tracker4 | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 8
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
1 affected package
imagemagick
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| imagemagick | Not affected | Not affected | Fixed | Fixed | Fixed |
Some fixes available 6 of 8
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
1 affected package
imagemagick
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| imagemagick | Not affected | Not affected | Fixed | Fixed | Fixed |