Search CVE reports
41821 – 41830 of 69503 results
Not in release
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
1 affected package
gitolite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitolite3 | — | — | — | — | — |
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on...
2 affected packages
gitolite, gitolite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitolite | — | — | — | — | — |
| gitolite3 | — | — | — | — | — |
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
24 affected packages
linux, linux-aws, linux-azure, linux-azure-edge, linux-euclid...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Not affected |
| linux-aws | — | — | — | — | Not affected |
| linux-azure | — | — | — | — | Not affected |
| linux-azure-edge | — | — | — | — | Not affected |
| linux-euclid | — | — | — | — | Not in release |
| linux-flo | — | — | — | — | Not in release |
| linux-gcp | — | — | — | — | Not affected |
| linux-gke | — | — | — | — | Not in release |
| linux-goldfish | — | — | — | — | Not in release |
| linux-grouper | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Not affected |
| linux-hwe-edge | — | — | — | — | Not affected |
| linux-kvm | — | — | — | — | Not affected |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not in release |
| linux-manta | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Not affected |
| linux-raspi2 | — | — | — | — | Not affected |
| linux-snapdragon | — | — | — | — | Not affected |
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting...
1 affected package
liblouis
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| liblouis | — | — | — | — | Fixed |
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
1 affected package
haproxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| haproxy | — | — | — | — | Fixed |
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
1 affected package
exiv2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| exiv2 | — | — | — | — | Not affected |
Some fixes available 4 of 10
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This...
1 affected package
hdf5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hdf5 | — | Not affected | Not affected | Fixed | Fixed |
The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.
1 affected package
mp4v2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mp4v2 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.
1 affected package
mp4v2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mp4v2 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 4 of 10
Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
1 affected package
hdf5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hdf5 | — | Not affected | Not affected | Fixed | Fixed |