Search CVE reports
481 – 490 of 490 results
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.
1 affected package
tor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tor | — | — | — | — |
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a)...
9 affected packages
cupsys, gpdf, kdegraphics, koffice, libextractor...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cupsys | — | — | — | — |
| gpdf | — | — | — | — |
| kdegraphics | — | — | — | — |
| koffice | — | — | — | — |
| libextractor | — | — | — | — |
| pdftohtml | — | — | — | — |
| poppler | — | — | — | — |
| tetex-bin | — | — | — | — |
| xpdf | — | — | — | — |
Some fixes available 18 of 21
Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a...
4 affected packages
centericq, centerim, motor, orpheus
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| centericq | — | — | — | — |
| centerim | — | — | — | — |
| motor | — | — | — | — |
| orpheus | — | — | — | — |
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
1 affected package
storebackup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| storebackup | — | — | — | — |
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
1 affected package
storebackup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| storebackup | — | — | — | — |
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
1 affected package
storebackup
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| storebackup | — | — | — | — |
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a...
1 affected package
tor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tor | — | — | — | — |
Some fixes available 5 of 6
Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space.
1 affected package
tor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tor | — | — | — | — |
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
8 affected packages
cupsys, gpdf, kdegraphics, koffice, libextractor...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cupsys | — | — | — | — |
| gpdf | — | — | — | — |
| kdegraphics | — | — | — | — |
| koffice | — | — | — | — |
| libextractor | — | — | — | — |
| pdftohtml | — | — | — | — |
| tetex-bin | — | — | — | — |
| xpdf | — | — | — | — |
1 affected package
autorespond
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| autorespond | — | — | — | — |