Search CVE reports
1181 – 1190 of 28288 results
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
2 affected packages
u-boot, u-boot-nezha
| Package | 24.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | Needs evaluation |
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS |
|---|---|
| libav | Not in release |
| ffmpeg | Not affected |
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS |
|---|---|
| libav | Not in release |
| ffmpeg | Not affected |
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to...
2 affected packages
libav, ffmpeg
| Package | 24.04 LTS |
|---|---|
| libav | Not in release |
| ffmpeg | Not affected |
Some fixes available 1 of 3
A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 24.04 LTS |
|---|---|
| tiff | Fixed |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Needs evaluation |
| gdal | Not affected |
| neuron | Not affected |
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...
| Package | 24.04 LTS |
|---|---|
| insighttoolkit4 | Not in release |
| qtwebengine-opensource-src | Needs evaluation |
| blender | Needs evaluation |
| texmaker | Needs evaluation |
| ghostscript | Not affected |
| openjpeg | Not in release |
| openjpeg2 | Not affected |
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL...
1 affected package
libphp-adodb
| Package | 24.04 LTS |
|---|---|
| libphp-adodb | Needs evaluation |
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.
1 affected package
stardict
| Package | 24.04 LTS |
|---|---|
| stardict | Needs evaluation |
Not in release
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in...
1 affected package
sogo
| Package | 24.04 LTS |
|---|---|
| sogo | Not in release |
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the...
1 affected package
mupdf
| Package | 24.04 LTS |
|---|---|
| mupdf | Vulnerable |