Search CVE reports
1 – 7 of 7 results
CVE-2024-6345
Medium priorityA vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Not affected | Fixed | Fixed | Fixed |
| python-setuptools | Not in release | Fixed | Fixed | Fixed | Fixed |
| setuptools | Fixed | Fixed | Fixed | — | — |
CVE-2021-45985
Medium priorityIn Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
9 affected packages
darktable, lua5.1, lua5.2, lua5.3, lua5.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lua5.1 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.4 | Not affected | Not affected | Not in release | Not in release | Not in release |
| lua50 | Not in release | Not in release | Not affected | Not affected | Not affected |
| memcached | Not affected | Not affected | Not affected | Not affected | Not affected |
| tup | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-40897
Medium priorityPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Fixed | Fixed |
| python-setuptools | — | Fixed | Fixed | Fixed | Fixed |
| setuptools | — | Fixed | Fixed | Not in release | Not in release |
CVE-2021-4122
Medium prioritySome fixes available 3 of 4
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to...
1 affected package
cryptsetup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cryptsetup | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-43519
Low priorityStack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
45 affected packages
ardour, bam, blobby, ceph, darktable...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ardour | Not affected | Not affected | Not affected | Not affected | Not affected |
| bam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blobby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ceph | Not affected | Not affected | Not affected | Not affected | Not affected |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| eja | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| emscripten | Needs evaluation | Needs evaluation | — | Needs evaluation | Needs evaluation |
| enigma | Not affected | Not affected | Not affected | Not affected | Not affected |
| freeciv | Not affected | Not affected | Not affected | Not affected | Not affected |
| freedroidrpg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golly | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| gtk2-engines | Not affected | Not affected | Not affected | Not affected | Not affected |
| haskell-hslua | Not affected | Not affected | Not affected | Not affected | Not affected |
| hedgewars | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.1 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.4 | Not affected | Not affected | Not in release | Not in release | Not in release |
| lua50 | Not in release | Not in release | Not affected | Not affected | Not affected |
| luajit | Not affected | Not affected | Not affected | Not affected | Not affected |
| mame | Not affected | Not affected | Not affected | Not affected | Not affected |
| naev | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
| openscenegraph | Not affected | Not affected | Not affected | Not affected | Not affected |
| redis | Not affected | Not affected | Not affected | Not affected | Not affected |
| rust-lua52-sys | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
| scite | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| scorched3d | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| scummvm | Not affected | Not affected | Not affected | Not affected | Not affected |
| spring | Not affected | Not affected | Not affected | Not affected | Not affected |
| syslinux | Not affected | Not affected | Not affected | Not affected | Not affected |
| syslinux-legacy | Not in release | Not in release | Not affected | Not affected | Not affected |
| tagua | Not affected | Not affected | Not affected | Not affected | Not affected |
| tarantool | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| tup | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
| ufoai | Not affected | Not affected | Not affected | Not affected | Not affected |
| vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wcc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| wesnoth | — | — | — | — | Ignored |
| widelands | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmoto | Not affected | Not affected | Not affected | Not affected | Not affected |
| zfs-linux | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-14382
Medium priorityA vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments...
1 affected package
cryptsetup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cryptsetup | — | — | Fixed | Not affected | Not affected |
CVE-2016-4484
Low priorityThe Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
1 affected package
cryptsetup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cryptsetup | Not affected | Not affected | Not affected | Not affected | Ignored |