Search CVE reports
Some fixes available 1 of 7
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
8 affected packages
ufraw, darktable, exactimage, dcraw, rawtherapee...
Package | 20.04 LTS |
---|---|
ufraw | Not in release |
darktable | Needs evaluation |
exactimage | Needs evaluation |
dcraw | Needs evaluation |
rawtherapee | Needs evaluation |
kodi | Needs evaluation |
digikam | Needs evaluation |
libraw | Fixed |
Some fixes available 1 of 7
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
8 affected packages
dcraw, ufraw, darktable, exactimage, libraw...
Package | 20.04 LTS |
---|---|
dcraw | Needs evaluation |
ufraw | Not in release |
darktable | Needs evaluation |
exactimage | Needs evaluation |
libraw | Fixed |
rawtherapee | Needs evaluation |
kodi | Needs evaluation |
digikam | Needs evaluation |
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
1 affected package
kitty
Package | 20.04 LTS |
---|---|
kitty | Not affected |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless...
1 affected package
mailman
Package | 20.04 LTS |
---|---|
mailman | Needs evaluation |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple...
1 affected package
mailman
Package | 20.04 LTS |
---|---|
mailman | Needs evaluation |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the...
1 affected package
mailman
Package | 20.04 LTS |
---|---|
mailman | Needs evaluation |
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
1 affected package
cjson
Package | 20.04 LTS |
---|---|
cjson | Needs evaluation |
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
2 affected packages
7zip, p7zip
Package | 20.04 LTS |
---|---|
7zip | Not in release |
p7zip | Needs evaluation |
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
2 affected packages
7zip, p7zip
Package | 20.04 LTS |
---|---|
7zip | Not in release |
p7zip | Needs evaluation |
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to SQL injection....
1 affected package
webpy
Package | 20.04 LTS |
---|---|
webpy | Needs evaluation |