Search CVE reports
141 – 150 of 465 results
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of...
1 affected package
python-tornado
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | — | — | — | Not affected |
Some fixes available 3 of 5
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock...
1 affected package
storebackup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| storebackup | — | — | Fixed | Fixed |
Some fixes available 4 of 9
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references...
1 affected package
node-negotiator
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-negotiator | — | — | — | Fixed |
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.
5 affected packages
koffice, ipe, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| koffice | Not in release | Not in release | Not in release | Not in release |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Not affected | Not affected | Not in release | Not affected |
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
5 affected packages
ipe, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | — | — | Not affected | Not affected |
| koffice | — | — | Not in release | Not in release |
| libextractor | — | — | Not affected | Not affected |
| poppler | — | — | Not affected | Not affected |
| xpdf | — | — | Not in release | Not affected |
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in...
1 affected package
libhibernate-validator-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libhibernate-validator-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
6 affected packages
koffice, libextractor, poppler, xpdf, ipe, kdegraphics
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| koffice | — | — | — | — |
| libextractor | — | — | — | — |
| poppler | — | — | — | — |
| xpdf | — | — | — | — |
| ipe | — | — | — | — |
| kdegraphics | — | — | — | — |
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
6 affected packages
ipe, kdegraphics, koffice, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | — | — | — | — |
| kdegraphics | — | — | — | — |
| koffice | — | — | — | — |
| libextractor | — | — | — | — |
| poppler | — | — | — | — |
| xpdf | — | — | — | — |
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
2 affected packages
ccextractor, gpac
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| gpac | Not affected | Not affected | Not affected | Not affected |
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
2 affected packages
ccextractor, gpac
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ccextractor | Needs evaluation | Vulnerable | Vulnerable | Not in release |
| gpac | Not affected | Not affected | Vulnerable | Vulnerable |