Search CVE reports
41331 – 41340 of 69301 results
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
1 affected package
prayer
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| prayer | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr...
1 affected package
crossroads
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| crossroads | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 23 of 25
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs...
96 affected packages
linux, linux-aws, linux-aws-hwe, linux-oracle, linux-azure...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| linux | — | Not affected | Not affected | Not affected | Fixed |
| linux-aws | — | Not affected | Not affected | Not affected | Fixed |
| linux-aws-hwe | — | Not in release | Not in release | Not in release | Not in release |
| linux-oracle | — | Not affected | Not affected | Not affected | Not affected |
| linux-azure | — | Not affected | Not affected | Not affected | Fixed |
| linux-azure-edge | — | Not in release | Not in release | Not in release | Fixed |
| linux-euclid | — | — | — | — | Not in release |
| linux-flo | — | — | — | — | Not in release |
| linux-gcp | — | Not affected | Not affected | Not affected | Fixed |
| linux-gcp-edge | — | — | — | — | Not affected |
| linux-gke | — | Not affected | Not affected | Ignored | Not in release |
| linux-goldfish | — | — | — | — | Not in release |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | Not in release | Not in release | Not in release | Not affected |
| linux-hwe-edge | — | Not in release | Not in release | Not in release | Not affected |
| linux-kvm | — | Not in release | Not affected | Not affected | Fixed |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | Not in release | Not in release | Not in release | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not in release |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | Not in release | Not in release | Not in release | Fixed |
| linux-raspi2 | — | Not in release | Not in release | Ignored | Fixed |
| linux-snapdragon | — | Not in release | Not in release | Not in release | Not affected |
| linux-hwe-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-hwe-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-hwe-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-aws-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-aws-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-azure-4.15 | — | Not in release | Not in release | Not in release | Not affected |
| linux-azure-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-azure-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-azure-fde | — | Not affected | Not affected | Ignored | Not in release |
| linux-azure-fde-5.15 | — | Not in release | Not in release | Ignored | Not in release |
| linux-bluefield | — | Not in release | Not in release | Not affected | Not in release |
| linux-fips | — | Not in release | Not affected | Not affected | Not affected |
| linux-aws-fips | — | Not in release | Not affected | Not affected | Not affected |
| linux-azure-fips | — | Not in release | Not affected | Not affected | Not affected |
| linux-gcp-fips | — | Not in release | Not affected | Not affected | Not affected |
| linux-gcp-4.15 | — | Not in release | Not in release | Not in release | Not affected |
| linux-gcp-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-gcp-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-gkeop | — | Not affected | Not affected | Not affected | Not in release |
| linux-gkeop-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-ibm | — | Not affected | Not affected | Not affected | Not in release |
| linux-ibm-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-ibm-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-intel | — | Not affected | Not in release | Not in release | Not in release |
| linux-intel-iotg | — | Not in release | Not affected | Not in release | Not in release |
| linux-intel-iotg-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-iot | — | Not in release | Not in release | Not affected | Not in release |
| linux-intel-iot-realtime | — | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency | — | Not affected | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-lowlatency-hwe-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-nvidia | — | Not affected | Not affected | Not in release | Not in release |
| linux-nvidia-6.5 | — | Not in release | Not affected | Not in release | Not in release |
| linux-nvidia-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-nvidia-lowlatency | — | Not affected | Not in release | Not in release | Not in release |
| linux-oracle-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-oracle-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-oem-6.8 | — | Not affected | Not in release | Not in release | Not in release |
| linux-raspi | — | Not affected | Not affected | Not affected | Not in release |
| linux-raspi-5.4 | — | Not in release | Not in release | Not in release | Not affected |
| linux-raspi-realtime | — | Not affected | Not in release | Not in release | Not in release |
| linux-realtime | — | Not affected | Not affected | Not in release | Not in release |
| linux-riscv | — | Not affected | Ignored | Ignored | Not in release |
| linux-riscv-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-riscv-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-xilinx-zynqmp | — | Not in release | Not affected | Not affected | Not in release |
| linux-aws-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-gcp-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-oracle-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-azure-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-oem-6.11 | — | Not affected | Not in release | Not in release | Not in release |
| linux-hwe-6.11 | — | Ignored | Not in release | Not in release | Not in release |
| linux-hwe-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-aws-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-azure-6.11 | — | Ignored | Not in release | Not in release | Not in release |
| linux-azure-nvidia | — | Not affected | Not in release | Not in release | Not in release |
| linux-gcp-6.11 | — | Ignored | Not in release | Not in release | Not in release |
| linux-gcp-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-ibm-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-lowlatency-hwe-6.11 | — | Ignored | Not in release | Not in release | Not in release |
| linux-nvidia-tegra | — | Not affected | Not affected | Not in release | Not in release |
| linux-nvidia-tegra-5.15 | — | Not in release | Not in release | Not affected | Not in release |
| linux-nvidia-tegra-igx | — | Not in release | Not affected | Not in release | Not in release |
| linux-oracle-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-oem-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-riscv-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-nvidia-6.11 | — | Not affected | Not in release | Not in release | Not in release |
| linux-realtime-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-realtime-6.14 | — | Not affected | Not in release | Not in release | Not in release |
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
1 affected package
tiff
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tiff | — | — | — | Not affected | Fixed |
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
4 affected packages
ruby1.9.1, ruby2.0, ruby2.3, ruby2.5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby1.9.1 | — | — | — | — | Not in release |
| ruby2.0 | — | — | — | — | Not in release |
| ruby2.3 | — | — | — | — | Not in release |
| ruby2.5 | — | — | — | — | Fixed |
Some fixes available 7 of 8
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering,...
5 affected packages
ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby1.9.1 | — | Not in release | Not in release | Not in release | Not in release |
| ruby2.0 | — | Not in release | Not in release | Not in release | Not in release |
| ruby2.3 | — | Not in release | Not in release | Not in release | Not in release |
| ruby2.5 | — | Not in release | Not in release | Not in release | Fixed |
| ruby-openssl | — | Not in release | Not in release | Not in release | Not affected |
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
2 affected packages
network-manager, systemd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| network-manager | — | — | — | — | Fixed |
| systemd | — | — | — | — | Fixed |
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
1 affected package
systemd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| systemd | — | — | — | — | Fixed |
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to...
1 affected package
systemd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| systemd | — | — | — | — | Fixed |
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by...
4 affected packages
ipe, libextractor, xpdf, poppler
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not affected | Not in release | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |