Search CVE reports
131 – 140 of 36929 results
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of...
1 affected package
rrdtool
| Package | 24.04 LTS |
|---|---|
| rrdtool | Vulnerable |
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
1 affected package
python-pip
| Package | 24.04 LTS |
|---|---|
| python-pip | Needs evaluation |
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target...
158 affected packages
linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...
| Package | 24.04 LTS |
|---|---|
| linux | Vulnerable |
| linux-hwe | Not in release |
| linux-hwe-5.4 | Not in release |
| linux-hwe-5.8 | Not in release |
| linux-hwe-5.11 | Not in release |
| linux-hwe-5.13 | Not in release |
| linux-hwe-5.15 | Not in release |
| linux-hwe-5.19 | Not in release |
| linux-hwe-6.2 | Not in release |
| linux-hwe-6.5 | Not in release |
| linux-hwe-6.8 | Not in release |
| linux-hwe-6.11 | Ignored |
| linux-hwe-6.14 | Ignored |
| linux-hwe-6.17 | Vulnerable |
| linux-hwe-edge | Not in release |
| linux-lts-xenial | Not in release |
| linux-kvm | Not in release |
| linux-allwinner-5.19 | Not in release |
| linux-aws | Vulnerable |
| linux-aws-5.0 | Not in release |
| linux-aws-5.3 | Not in release |
| linux-aws-5.4 | Not in release |
| linux-aws-5.8 | Not in release |
| linux-aws-5.11 | Not in release |
| linux-aws-5.13 | Not in release |
| linux-aws-5.15 | Not in release |
| linux-aws-5.19 | Not in release |
| linux-aws-6.2 | Not in release |
| linux-aws-6.5 | Not in release |
| linux-aws-6.8 | Not in release |
| linux-aws-6.14 | Ignored |
| linux-aws-6.17 | Vulnerable |
| linux-aws-hwe | Not in release |
| linux-azure | Vulnerable |
| linux-azure-4.15 | Not in release |
| linux-azure-5.3 | Not in release |
| linux-azure-5.4 | Not in release |
| linux-azure-5.8 | Not in release |
| linux-azure-5.11 | Not in release |
| linux-azure-5.13 | Not in release |
| linux-azure-5.15 | Not in release |
| linux-azure-5.19 | Not in release |
| linux-azure-6.2 | Not in release |
| linux-azure-6.5 | Not in release |
| linux-azure-6.8 | Not in release |
| linux-azure-6.11 | Ignored |
| linux-azure-6.14 | Vulnerable |
| linux-azure-6.17 | Vulnerable |
| linux-azure-fde | Vulnerable |
| linux-azure-fde-5.15 | Not in release |
| linux-azure-fde-5.19 | Not in release |
| linux-azure-fde-6.2 | Not in release |
| linux-azure-fde-6.8 | Not in release |
| linux-azure-fde-6.14 | Vulnerable |
| linux-azure-fde-6.17 | Vulnerable |
| linux-azure-nvidia | Vulnerable |
| linux-azure-nvidia-6.14 | Vulnerable |
| linux-bluefield | Not in release |
| linux-azure-edge | Not in release |
| linux-fips | Vulnerable |
| linux-aws-fips | Vulnerable |
| linux-azure-fips | Vulnerable |
| linux-gcp-fips | Vulnerable |
| linux-gcp | Vulnerable |
| linux-gcp-4.15 | Not in release |
| linux-gcp-5.3 | Not in release |
| linux-gcp-5.4 | Not in release |
| linux-gcp-5.8 | Not in release |
| linux-gcp-5.11 | Not in release |
| linux-gcp-5.13 | Not in release |
| linux-gcp-5.15 | Not in release |
| linux-gcp-5.19 | Not in release |
| linux-gcp-6.2 | Not in release |
| linux-gcp-6.5 | Not in release |
| linux-gcp-6.8 | Not in release |
| linux-gcp-6.11 | Ignored |
| linux-gcp-6.14 | Ignored |
| linux-gcp-6.17 | Vulnerable |
| linux-gke | Vulnerable |
| linux-gke-4.15 | Not in release |
| linux-gke-5.4 | Not in release |
| linux-gke-5.15 | Not in release |
| linux-gkeop | Vulnerable |
| linux-gkeop-5.4 | Not in release |
| linux-gkeop-5.15 | Not in release |
| linux-ibm | Vulnerable |
| linux-ibm-5.4 | Not in release |
| linux-ibm-5.15 | Not in release |
| linux-ibm-6.8 | Not in release |
| linux-intel-5.13 | Not in release |
| linux-intel-iotg | Not in release |
| linux-intel-iotg-5.15 | Not in release |
| linux-iot | Not in release |
| linux-intel-iot-realtime | Not in release |
| linux-lowlatency | Vulnerable |
| linux-lowlatency-hwe-5.15 | Not in release |
| linux-lowlatency-hwe-5.19 | Not in release |
| linux-lowlatency-hwe-6.2 | Not in release |
| linux-lowlatency-hwe-6.5 | Not in release |
| linux-lowlatency-hwe-6.8 | Not in release |
| linux-lowlatency-hwe-6.11 | Ignored |
| linux-nvidia | Vulnerable |
| linux-nvidia-6.2 | Not in release |
| linux-nvidia-6.5 | Not in release |
| linux-nvidia-6.8 | Not in release |
| linux-nvidia-6.11 | Ignored |
| linux-nvidia-6.17 | Vulnerable |
| linux-nvidia-lowlatency | Vulnerable |
| linux-nvidia-tegra | Vulnerable |
| linux-nvidia-tegra-5.15 | Not in release |
| linux-nvidia-tegra-igx | Not in release |
| linux-oracle | Vulnerable |
| linux-oracle-5.0 | Not in release |
| linux-oracle-5.3 | Not in release |
| linux-oracle-5.4 | Not in release |
| linux-oracle-5.8 | Not in release |
| linux-oracle-5.11 | Not in release |
| linux-oracle-5.13 | Not in release |
| linux-oracle-5.15 | Not in release |
| linux-oracle-6.5 | Not in release |
| linux-oracle-6.8 | Not in release |
| linux-oracle-6.14 | Ignored |
| linux-oracle-6.17 | Vulnerable |
| linux-oem | Not in release |
| linux-oem-5.6 | Not in release |
| linux-oem-5.10 | Not in release |
| linux-oem-5.13 | Not in release |
| linux-oem-5.14 | Not in release |
| linux-oem-5.17 | Not in release |
| linux-oem-6.0 | Not in release |
| linux-oem-6.1 | Not in release |
| linux-oem-6.5 | Not in release |
| linux-oem-6.8 | Ignored |
| linux-oem-6.11 | Ignored |
| linux-oem-6.14 | Ignored |
| linux-oem-6.17 | Vulnerable |
| linux-raspi | Vulnerable |
| linux-raspi2 | Not in release |
| linux-raspi-5.4 | Not in release |
| linux-raspi-realtime | Vulnerable |
| linux-realtime | Vulnerable |
| linux-realtime-6.8 | Not in release |
| linux-realtime-6.14 | Ignored |
| linux-riscv | Ignored |
| linux-riscv-5.8 | Not in release |
| linux-riscv-5.11 | Not in release |
| linux-riscv-5.15 | Not in release |
| linux-riscv-5.19 | Not in release |
| linux-riscv-6.5 | Not in release |
| linux-riscv-6.8 | Not in release |
| linux-riscv-6.14 | Ignored |
| linux-riscv-6.17 | Vulnerable |
| linux-starfive-5.19 | Not in release |
| linux-starfive-6.2 | Not in release |
| linux-starfive-6.5 | Not in release |
| linux-xilinx | Vulnerable |
| linux-xilinx-zynqmp | Not in release |
| linux-realtime-6.17 | Vulnerable |
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or...
2 affected packages
golang-github-go-git-go-billy, golang-github-go-git-go-billy-v6
| Package | 24.04 LTS |
|---|---|
| golang-github-go-git-go-billy | Needs evaluation |
| golang-github-go-git-go-billy-v6 | Not in release |
A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The...
1 affected package
opensc
| Package | 24.04 LTS |
|---|---|
| opensc | Needs evaluation |
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow...
1 affected package
poppler
| Package | 24.04 LTS |
|---|---|
| poppler | Needs evaluation |
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file.
1 affected package
gpac
| Package | 24.04 LTS |
|---|---|
| gpac | Needs evaluation |
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
1 affected package
gpac
| Package | 24.04 LTS |
|---|---|
| gpac | Needs evaluation |
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
1 affected package
gpac
| Package | 24.04 LTS |
|---|---|
| gpac | Needs evaluation |
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
1 affected package
gpac
| Package | 24.04 LTS |
|---|---|
| gpac | Needs evaluation |