Search CVE reports


1 – 10 of 25873 results

Status is adjusted based on your filters.


CVE-2024-9781

Medium priority
Needs evaluation

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

1 affected package

wireshark

Package 20.04 LTS
wireshark Needs evaluation

CVE-2024-9780

Medium priority
Needs evaluation

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

1 affected package

wireshark

Package 20.04 LTS
wireshark Needs evaluation

CVE-2024-6747

Medium priority

Not in release

Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data

1 affected package

check-mk

Package 20.04 LTS
check-mk Not in release

CVE-2024-48958

Medium priority
Needs evaluation

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

1 affected package

libarchive

Package 20.04 LTS
libarchive Needs evaluation

CVE-2024-48957

Medium priority
Needs evaluation

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

1 affected package

libarchive

Package 20.04 LTS
libarchive Needs evaluation

CVE-2024-48949

Medium priority
Needs evaluation

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

1 affected package

node-elliptic

Package 20.04 LTS
node-elliptic Needs evaluation

CVE-2024-36051

Medium priority
Needs evaluation

In btcd before 0.24.2, removeOpcodeByData mishandles the consensus rules for legacy signature verification. There can be a standard transaction that would be considered valid by Bitcoin Core but invalid by btcd.

2 affected packages

golang-github-btcsuite-btcd-btcec, golang-github-btcsuite-btcd-chaincfg-chainhash

Package 20.04 LTS
golang-github-btcsuite-btcd-btcec Needs evaluation
golang-github-btcsuite-btcd-chaincfg-chainhash Needs evaluation

CVE-2024-9680

Medium priority
Vulnerable

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 20.04 LTS
firefox Vulnerable
mozjs102 Not in release
mozjs115 Not in release
mozjs38 Not in release
mozjs52 Ignored
mozjs68 Ignored
mozjs78 Not in release
mozjs91 Not in release
thunderbird Vulnerable

CVE-2024-48933

Medium priority
Needs evaluation

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that...

1 affected package

lemonldap-ng

Package 20.04 LTS
lemonldap-ng Needs evaluation

CVE-2024-47828

Medium priority

Not in release

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that...

1 affected package

ampache

Package 20.04 LTS
ampache Not in release