Search CVE reports
51 – 60 of 37185 results
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
| Package | 18.04 LTS |
|---|---|
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
2 affected packages
u-boot, u-boot-nezha
| Package | 18.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | — |
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double...
2 affected packages
ffmpeg, libav
| Package | 18.04 LTS |
|---|---|
| ffmpeg | Needs evaluation |
| libav | — |
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null...
2 affected packages
ffmpeg, libav
| Package | 18.04 LTS |
|---|---|
| ffmpeg | Needs evaluation |
| libav | — |
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to...
2 affected packages
libav, ffmpeg
| Package | 18.04 LTS |
|---|---|
| libav | — |
| ffmpeg | Needs evaluation |
A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 18.04 LTS |
|---|---|
| tiff | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Needs evaluation |
| gdal | Not affected |
| neuron | Needs evaluation |
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...
| Package | 18.04 LTS |
|---|---|
| insighttoolkit4 | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| blender | Needs evaluation |
| texmaker | Needs evaluation |
| ghostscript | Needs evaluation |
| openjpeg | — |
| openjpeg2 | Not affected |
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL...
1 affected package
libphp-adodb
| Package | 18.04 LTS |
|---|---|
| libphp-adodb | Needs evaluation |
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.
1 affected package
stardict
| Package | 18.04 LTS |
|---|---|
| stardict | Needs evaluation |
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in...
1 affected package
sogo
| Package | 18.04 LTS |
|---|---|
| sogo | Needs evaluation |