Search CVE reports
2051 – 2060 of 37589 results
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based...
1 affected package
gdal
| Package | 24.04 LTS |
|---|---|
| gdal | Needs evaluation |
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack...
1 affected package
gdal
| Package | 24.04 LTS |
|---|---|
| gdal | Needs evaluation |
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.
1 affected package
kdenlive
| Package | 24.04 LTS |
|---|---|
| kdenlive | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.5 | Not in release |
| ruby2.3 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Vulnerable |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Not affected |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully",...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.5 | Not in release |
| ruby2.3 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Vulnerable |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.5 | Not in release |
| ruby2.3 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Not affected |
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been...
2 affected packages
pillow-python2, pillow
| Package | 24.04 LTS |
|---|---|
| pillow-python2 | Not in release |
| pillow | Not affected |
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This...
2 affected packages
pillow, pillow-python2
| Package | 24.04 LTS |
|---|---|
| pillow | Fixed |
| pillow-python2 | Not in release |