Search CVE reports
41341 – 41350 of 69301 results
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a PDF file, as demonstrated by pdftohtml. This is mainly caused...
4 affected packages
ipe, libextractor, poppler, xpdf
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not affected | Not in release | Not affected |
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules....
27 affected packages
linux, linux-flo, linux-aws, linux-azure, linux-aws-hwe...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-flo | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Not affected |
| linux-azure | — | — | — | — | Not affected |
| linux-aws-hwe | — | — | — | — | Not in release |
| linux-oracle | — | — | — | — | Not affected |
| linux-azure-edge | — | — | — | — | Not affected |
| linux-euclid | — | — | — | — | Not in release |
| linux-gcp | — | — | — | — | Not affected |
| linux-gcp-edge | — | — | — | — | Not affected |
| linux-gke | — | — | — | — | Not in release |
| linux-goldfish | — | — | — | — | Not in release |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Not affected |
| linux-hwe-edge | — | — | — | — | Not affected |
| linux-kvm | — | — | — | — | Not affected |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not in release |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical...
8 affected packages
xorg-server-lts-wily, xorg, xorg-hwe-16.04, xorg-server, xorg-server-hwe-16.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg-server-lts-wily | — | — | — | — | Not in release |
| xorg | — | — | — | — | Not affected |
| xorg-hwe-16.04 | — | — | — | — | Not in release |
| xorg-server | — | — | — | — | Fixed |
| xorg-server-hwe-16.04 | — | — | — | — | Not in release |
| xorg-server-lts-utopic | — | — | — | — | Not in release |
| xorg-server-lts-vivid | — | — | — | — | Not in release |
| xorg-server-lts-xenial | — | — | — | — | Not in release |
Some fixes available 4 of 7
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
1 affected package
salt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| salt | — | — | Not affected | Not in release | Fixed |
Some fixes available 4 of 7
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
1 affected package
salt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| salt | — | — | Not affected | Not in release | Fixed |
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to back up and...
1 affected package
amanda
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| amanda | Not affected | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users...
1 affected package
amanda
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| amanda | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 15 of 25
If a site is loaded over an HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.
4 affected packages
mozjs52, firefox, mozjs38, mozjs60
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 25
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could...
4 affected packages
firefox, mozjs38, mozjs52, mozjs60
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 25
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DoS) attacks. This vulnerability affects Firefox < 63.
4 affected packages
mozjs52, mozjs60, mozjs38, firefox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |