Search CVE reports
1 – 10 of 132 results
CVE-2024-31497
Medium priorityIn PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where...
2 affected packages
filezilla, putty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
filezilla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
putty | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-48795
Medium prioritySome fixes available 22 of 76
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dropbear | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
filezilla | Fixed | Fixed | Fixed | Not affected | Not affected |
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libssh | Not affected | Fixed | Fixed | Not affected | Not affected |
libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lxd | Not in release | Not in release | Not affected | Fixed | Fixed |
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
paramiko | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python-asyncssh | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
snapd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-48554
Medium priorityFile before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
1 affected packages
file
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file | — | Fixed | Not affected | Not affected | Not affected |
CVE-2020-18781
Medium priorityHeap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
1 affected packages
audiofile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
audiofile | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-33065
Medium prioritySome fixes available 7 of 8
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
1 affected packages
libsndfile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsndfile | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-33064
Medium priorityAn off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
1 affected packages
libsndfile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsndfile | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2023-24998
Medium priorityApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the...
1 affected packages
libcommons-fileupload-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcommons-fileupload-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-47021
Medium prioritySome fixes available 4 of 5
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
1 affected packages
opusfile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opusfile | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2016-15003
Medium priorityA vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The...
1 affected packages
filezilla
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
filezilla | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-29620
Negligible priority** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability.
1 affected packages
filezilla
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
filezilla | — | Not affected | Not affected | Not affected | — |