Search CVE reports
231 – 240 of 25258 results
CVE-2024-34156
Medium priorityCalling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 20.04 LTS |
---|---|
golang | Not in release |
golang-1.10 | Not in release |
golang-1.13 | Needs evaluation |
golang-1.14 | Needs evaluation |
golang-1.16 | Needs evaluation |
golang-1.17 | Not in release |
golang-1.18 | Needs evaluation |
golang-1.19 | Not in release |
golang-1.20 | Needs evaluation |
golang-1.21 | Needs evaluation |
golang-1.22 | Needs evaluation |
golang-1.6 | Not in release |
golang-1.8 | Not in release |
golang-1.9 | Not in release |
CVE-2024-34155
Medium priorityCalling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 20.04 LTS |
---|---|
golang | Not in release |
golang-1.10 | Not in release |
golang-1.13 | Needs evaluation |
golang-1.14 | Needs evaluation |
golang-1.16 | Needs evaluation |
golang-1.17 | Not in release |
golang-1.18 | Needs evaluation |
golang-1.19 | Not in release |
golang-1.20 | Needs evaluation |
golang-1.21 | Needs evaluation |
golang-1.22 | Needs evaluation |
golang-1.6 | Not in release |
golang-1.8 | Not in release |
golang-1.9 | Not in release |
CVE-2024-7652
Medium prioritySome fixes available 2 of 4
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 20.04 LTS |
---|---|
firefox | Fixed |
mozjs102 | Not in release |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Ignored |
mozjs68 | Ignored |
mozjs78 | Not in release |
mozjs91 | Not in release |
thunderbird | Fixed |
CVE-2024-8517
Medium prioritySPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
1 affected packages
spip
Package | 20.04 LTS |
---|---|
spip | Needs evaluation |
CVE-2024-25584
Medium priorityDovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP....
1 affected packages
dovecot
Package | 20.04 LTS |
---|---|
dovecot | Not affected |
CVE-2023-52916
Medium priorityIn the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this...
121 affected packages
linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...
Package | 20.04 LTS |
---|---|
linux | Vulnerable |
linux-allwinner-5.19 | Not in release |
linux-aws | Vulnerable |
linux-aws-5.0 | Not in release |
linux-aws-5.11 | Ignored |
linux-aws-5.13 | Ignored |
linux-aws-5.15 | Vulnerable |
linux-aws-5.19 | Not in release |
linux-aws-5.3 | Not in release |
linux-aws-5.4 | Not in release |
linux-aws-5.8 | Ignored |
linux-aws-6.2 | Not in release |
linux-aws-6.5 | Not in release |
linux-aws-fips | Not in release |
linux-aws-hwe | Not in release |
linux-azure | Vulnerable |
linux-azure-4.15 | Not in release |
linux-azure-5.11 | Ignored |
linux-azure-5.13 | Ignored |
linux-azure-5.15 | Vulnerable |
linux-azure-5.19 | Not in release |
linux-azure-5.3 | Not in release |
linux-azure-5.4 | Not in release |
linux-azure-5.8 | Ignored |
linux-azure-6.2 | Not in release |
linux-azure-6.5 | Not in release |
linux-azure-edge | Not in release |
linux-azure-fde | Ignored |
linux-azure-fde-5.15 | Vulnerable |
linux-azure-fde-5.19 | Not in release |
linux-azure-fde-6.2 | Not in release |
linux-azure-fips | Not in release |
linux-bluefield | Vulnerable |
linux-fips | Not in release |
linux-gcp | Vulnerable |
linux-gcp-4.15 | Not in release |
linux-gcp-5.11 | Ignored |
linux-gcp-5.13 | Ignored |
linux-gcp-5.15 | Vulnerable |
linux-gcp-5.19 | Not in release |
linux-gcp-5.3 | Not in release |
linux-gcp-5.4 | Not in release |
linux-gcp-5.8 | Ignored |
linux-gcp-6.2 | Not in release |
linux-gcp-6.5 | Not in release |
linux-gcp-fips | Not in release |
linux-gke | Ignored |
linux-gke-4.15 | Not in release |
linux-gke-5.15 | Ignored |
linux-gke-5.4 | Not in release |
linux-gkeop | Vulnerable |
linux-gkeop-5.15 | Vulnerable |
linux-gkeop-5.4 | Not in release |
linux-hwe | Not in release |
linux-hwe-5.11 | Ignored |
linux-hwe-5.13 | Ignored |
linux-hwe-5.15 | Vulnerable |
linux-hwe-5.19 | Not in release |
linux-hwe-5.4 | Not in release |
linux-hwe-5.8 | Ignored |
linux-hwe-6.2 | Not in release |
linux-hwe-6.5 | Not in release |
linux-hwe-6.8 | Not in release |
linux-hwe-edge | Not in release |
linux-ibm | Vulnerable |
linux-ibm-5.15 | Vulnerable |
linux-ibm-5.4 | Not in release |
linux-intel | Not in release |
linux-intel-5.13 | Ignored |
linux-intel-iot-realtime | Not in release |
linux-intel-iotg | Not in release |
linux-intel-iotg-5.15 | Vulnerable |
linux-iot | Vulnerable |
linux-kvm | Vulnerable |
linux-lowlatency | Not in release |
linux-lowlatency-hwe-5.15 | Vulnerable |
linux-lowlatency-hwe-5.19 | Not in release |
linux-lowlatency-hwe-6.2 | Not in release |
linux-lowlatency-hwe-6.5 | Not in release |
linux-lowlatency-hwe-6.8 | Not in release |
linux-lts-xenial | Not in release |
linux-nvidia | Not in release |
linux-nvidia-6.2 | Not in release |
linux-nvidia-6.5 | Not in release |
linux-nvidia-6.8 | Not in release |
linux-nvidia-lowlatency | Not in release |
linux-oem | Not in release |
linux-oem-5.10 | Ignored |
linux-oem-5.13 | Ignored |
linux-oem-5.14 | Ignored |
linux-oem-5.17 | Not in release |
linux-oem-5.6 | Ignored |
linux-oem-6.0 | Not in release |
linux-oem-6.1 | Not in release |
linux-oem-6.5 | Not in release |
linux-oem-6.8 | Not in release |
linux-oracle | Vulnerable |
linux-oracle-5.0 | Not in release |
linux-oracle-5.11 | Ignored |
linux-oracle-5.13 | Ignored |
linux-oracle-5.15 | Vulnerable |
linux-oracle-5.3 | Not in release |
linux-oracle-5.4 | Not in release |
linux-oracle-5.8 | Ignored |
linux-oracle-6.5 | Not in release |
linux-raspi | Vulnerable |
linux-raspi-5.4 | Not in release |
linux-raspi-realtime | Not in release |
linux-raspi2 | Ignored |
linux-realtime | Not in release |
linux-riscv | Ignored |
linux-riscv-5.11 | Ignored |
linux-riscv-5.15 | Vulnerable |
linux-riscv-5.19 | Not in release |
linux-riscv-5.8 | Ignored |
linux-riscv-6.5 | Not in release |
linux-riscv-6.8 | Not in release |
linux-starfive-5.19 | Not in release |
linux-starfive-6.2 | Not in release |
linux-starfive-6.5 | Not in release |
linux-xilinx-zynqmp | Vulnerable |
CVE-2023-52915
Medium prioritySome fixes available 1 of 26
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and...
121 affected packages
linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...
Package | 20.04 LTS |
---|---|
linux | Vulnerable |
linux-allwinner-5.19 | Not in release |
linux-aws | Vulnerable |
linux-aws-5.0 | Not in release |
linux-aws-5.11 | Ignored |
linux-aws-5.13 | Ignored |
linux-aws-5.15 | Vulnerable |
linux-aws-5.19 | Not in release |
linux-aws-5.3 | Not in release |
linux-aws-5.4 | Not in release |
linux-aws-5.8 | Ignored |
linux-aws-6.2 | Not in release |
linux-aws-6.5 | Not in release |
linux-aws-fips | Not in release |
linux-aws-hwe | Not in release |
linux-azure | Vulnerable |
linux-azure-4.15 | Not in release |
linux-azure-5.11 | Ignored |
linux-azure-5.13 | Ignored |
linux-azure-5.15 | Vulnerable |
linux-azure-5.19 | Not in release |
linux-azure-5.3 | Not in release |
linux-azure-5.4 | Not in release |
linux-azure-5.8 | Ignored |
linux-azure-6.2 | Not in release |
linux-azure-6.5 | Not in release |
linux-azure-edge | Not in release |
linux-azure-fde | Ignored |
linux-azure-fde-5.15 | Fixed |
linux-azure-fde-5.19 | Not in release |
linux-azure-fde-6.2 | Not in release |
linux-azure-fips | Not in release |
linux-bluefield | Vulnerable |
linux-fips | Not in release |
linux-gcp | Vulnerable |
linux-gcp-4.15 | Not in release |
linux-gcp-5.11 | Ignored |
linux-gcp-5.13 | Ignored |
linux-gcp-5.15 | Vulnerable |
linux-gcp-5.19 | Not in release |
linux-gcp-5.3 | Not in release |
linux-gcp-5.4 | Not in release |
linux-gcp-5.8 | Ignored |
linux-gcp-6.2 | Not in release |
linux-gcp-6.5 | Not in release |
linux-gcp-fips | Not in release |
linux-gke | Ignored |
linux-gke-4.15 | Not in release |
linux-gke-5.15 | Ignored |
linux-gke-5.4 | Not in release |
linux-gkeop | Vulnerable |
linux-gkeop-5.15 | Vulnerable |
linux-gkeop-5.4 | Not in release |
linux-hwe | Not in release |
linux-hwe-5.11 | Ignored |
linux-hwe-5.13 | Ignored |
linux-hwe-5.15 | Vulnerable |
linux-hwe-5.19 | Not in release |
linux-hwe-5.4 | Not in release |
linux-hwe-5.8 | Ignored |
linux-hwe-6.2 | Not in release |
linux-hwe-6.5 | Not in release |
linux-hwe-6.8 | Not in release |
linux-hwe-edge | Not in release |
linux-ibm | Vulnerable |
linux-ibm-5.15 | Vulnerable |
linux-ibm-5.4 | Not in release |
linux-intel | Not in release |
linux-intel-5.13 | Ignored |
linux-intel-iot-realtime | Not in release |
linux-intel-iotg | Not in release |
linux-intel-iotg-5.15 | Vulnerable |
linux-iot | Vulnerable |
linux-kvm | Vulnerable |
linux-lowlatency | Not in release |
linux-lowlatency-hwe-5.15 | Vulnerable |
linux-lowlatency-hwe-5.19 | Not in release |
linux-lowlatency-hwe-6.2 | Not in release |
linux-lowlatency-hwe-6.5 | Not in release |
linux-lowlatency-hwe-6.8 | Not in release |
linux-lts-xenial | Not in release |
linux-nvidia | Not in release |
linux-nvidia-6.2 | Not in release |
linux-nvidia-6.5 | Not in release |
linux-nvidia-6.8 | Not in release |
linux-nvidia-lowlatency | Not in release |
linux-oem | Not in release |
linux-oem-5.10 | Ignored |
linux-oem-5.13 | Ignored |
linux-oem-5.14 | Ignored |
linux-oem-5.17 | Not in release |
linux-oem-5.6 | Ignored |
linux-oem-6.0 | Not in release |
linux-oem-6.1 | Not in release |
linux-oem-6.5 | Not in release |
linux-oem-6.8 | Not in release |
linux-oracle | Vulnerable |
linux-oracle-5.0 | Not in release |
linux-oracle-5.11 | Ignored |
linux-oracle-5.13 | Ignored |
linux-oracle-5.15 | Vulnerable |
linux-oracle-5.3 | Not in release |
linux-oracle-5.4 | Not in release |
linux-oracle-5.8 | Ignored |
linux-oracle-6.5 | Not in release |
linux-raspi | Vulnerable |
linux-raspi-5.4 | Not in release |
linux-raspi-realtime | Not in release |
linux-raspi2 | Ignored |
linux-realtime | Not in release |
linux-riscv | Ignored |
linux-riscv-5.11 | Ignored |
linux-riscv-5.15 | Vulnerable |
linux-riscv-5.19 | Not in release |
linux-riscv-5.8 | Ignored |
linux-riscv-6.5 | Not in release |
linux-riscv-6.8 | Not in release |
linux-starfive-5.19 | Not in release |
linux-starfive-6.2 | Not in release |
linux-starfive-6.5 | Not in release |
linux-xilinx-zynqmp | Vulnerable |
CVE-2024-45751
Medium prioritytgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.
2 affected packages
iscsitarget, tgt
Package | 20.04 LTS |
---|---|
iscsitarget | Not in release |
tgt | Fixed |
CVE-2024-8394
Medium priorityWhen aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
1 affected packages
thunderbird
Package | 20.04 LTS |
---|---|
thunderbird | Not affected |
CVE-2024-45159
Medium priorityAn issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage...
1 affected packages
mbedtls
Package | 20.04 LTS |
---|---|
mbedtls | Needs evaluation |