Search CVE reports
11 – 20 of 26 results
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
1 affected package
phoronix-test-suite
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
phoronix-test-suite | — | — | — | Needs evaluation |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
1 affected package
phoronix-test-suite
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
phoronix-test-suite | Not in release | Not in release | Not in release | Needs evaluation |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
1 affected package
phoronix-test-suite
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
phoronix-test-suite | Not in release | Not in release | Not in release | Needs evaluation |
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1 affected package
phoronix-test-suite
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
phoronix-test-suite | Not in release | Not in release | Not in release | Needs evaluation |
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
1 affected package
rust-nix
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rust-nix | Vulnerable | Vulnerable | Vulnerable | Not in release |
Some fixes available 13 of 28
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
2 affected packages
duo-unix, whoopsie
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
duo-unix | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
whoopsie | Fixed | Fixed | Fixed | Fixed |
Some fixes available 15 of 30
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
2 affected packages
whoopsie, duo-unix
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
whoopsie | Fixed | Fixed | Fixed | Fixed |
duo-unix | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
1 affected package
unixodbc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
unixodbc | — | — | — | — |
Some fixes available 13 of 14
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
1 affected package
unixodbc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
unixodbc | — | Fixed | Fixed | Fixed |
A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (Matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.
1 affected package
mkvtoolnix
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mkvtoolnix | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |