Search CVE reports



161 – 170 of 21464 results

Status is adjusted based on your filters.


CVE-2024-10397

Medium priority
Needs evaluation

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

1 affected package

openafs

Package 24.04 LTS
openafs Needs evaluation

CVE-2024-10396

Medium priority
Needs evaluation

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided...

1 affected package

openafs

Package 24.04 LTS
openafs Needs evaluation

CVE-2024-10394

Medium priority
Needs evaluation

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the...

1 affected package

openafs

Package 24.04 LTS
openafs Needs evaluation

CVE-2024-10921

Medium priority

Not in release

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0...

1 affected package

mongodb

Package 24.04 LTS
mongodb Not in release

CVE-2024-10979

Medium priority
Needs evaluation

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if...

7 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-9.1...

Package 24.04 LTS
postgresql-10 Not in release
postgresql-12 Not in release
postgresql-14 Not in release
postgresql-16 Needs evaluation
postgresql-9.1 Not in release
postgresql-9.3 Not in release
postgresql-9.5 Not in release

CVE-2024-10978

Medium priority
Needs evaluation

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...

7 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-9.1...

Package 24.04 LTS
postgresql-10 Not in release
postgresql-12 Not in release
postgresql-14 Not in release
postgresql-16 Needs evaluation
postgresql-9.1 Not in release
postgresql-9.3 Not in release
postgresql-9.5 Not in release

CVE-2024-10977

Medium priority
Needs evaluation

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a...

7 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-9.1...

Package 24.04 LTS
postgresql-10 Not in release
postgresql-12 Not in release
postgresql-14 Not in release
postgresql-16 Needs evaluation
postgresql-9.1 Not in release
postgresql-9.3 Not in release
postgresql-9.5 Not in release

CVE-2024-10976

Medium priority
Needs evaluation

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID...

7 affected packages

postgresql-10, postgresql-12, postgresql-14, postgresql-16, postgresql-9.1...

Package 24.04 LTS
postgresql-10 Not in release
postgresql-12 Not in release
postgresql-14 Not in release
postgresql-16 Needs evaluation
postgresql-9.1 Not in release
postgresql-9.3 Not in release
postgresql-9.5 Not in release

CVE-2024-3447

Medium priority
Needs evaluation

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest...

1 affected package

qemu

Package 24.04 LTS
qemu Needs evaluation

CVE-2024-50306

Medium priority
Needs evaluation

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version...

1 affected package

trafficserver

Package 24.04 LTS
trafficserver Needs evaluation