Search CVE reports
21 – 30 of 42805 results
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for...
1 affected package
python-jwcrypto
| Package | 18.04 LTS |
|---|---|
| python-jwcrypto | Needs evaluation |
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation...
2 affected packages
ruby-rack-session, ruby-rack
| Package | 18.04 LTS |
|---|---|
| ruby-rack-session | — |
| ruby-rack | Needs evaluation |
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single...
1 affected package
cockpit
| Package | 18.04 LTS |
|---|---|
| cockpit | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are...
1 affected package
cups
| Package | 18.04 LTS |
|---|---|
| cups | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any...
1 affected package
cups
| Package | 18.04 LTS |
|---|---|
| cups | Needs evaluation |
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI...
1 affected package
ruby-addressable
| Package | 18.04 LTS |
|---|---|
| ruby-addressable | Needs evaluation |
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the...
1 affected package
libssh
| Package | 18.04 LTS |
|---|---|
| libssh | Not affected |
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or...
1 affected package
libarchive
| Package | 18.04 LTS |
|---|---|
| libarchive | Needs evaluation |
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 18.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Needs evaluation |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 18.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Needs evaluation |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |