Search CVE reports
171 – 180 of 494 results
Some fixes available 16 of 71
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
7 affected packages
ghostscript, openjpeg, openjpeg2, blender, insighttoolkit4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 16 of 76
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7 affected packages
texmaker, blender, ghostscript, insighttoolkit4, openjpeg...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 2
lightdm before 0.9.6 writes to .dmrc and Xauthority files using root permissions while the files are in user-controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
1 affected package
lightdm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lightdm | — | — | — | — |
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Fixed |
Some fixes available 5 of 8
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All...
1 affected package
lighttpd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lighttpd | — | — | — | — |
Not in release
A race condition in temp files was found in gs-gpl before 8.56 addons scripts.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
Some fixes available 1 of 17
TightVNC code version 1.3.10 contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.
1 affected package
tightvnc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tightvnc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 20 of 78
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another...
7 affected packages
krfb, libvncserver, tightvnc, veyon, x11vnc...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| krfb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libvncserver | Not affected | Not affected | Not affected | Fixed |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| x11vnc | Not affected | Not affected | Not affected | Not affected |
| italc | Not in release | Not in release | Not in release | Fixed |
| vino | Fixed | Fixed | Fixed | Fixed |
Some fixes available 5 of 77
TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of System (DoS). This attack appears to be exploitable via network connectivity.
6 affected packages
tightvnc, libvncserver, ssvnc, veyon, vncsnapshot, x11vnc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libvncserver | Not affected | Not affected | Fixed | Fixed |
| ssvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| vncsnapshot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| x11vnc | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 88
TightVNC code version 1.3.10 contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.
7 affected packages
libvncserver, tightvnc, x11vnc, ssvnc, veyon...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libvncserver | Not affected | Not affected | Not affected | Not affected |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| x11vnc | Not affected | Not affected | Not affected | Not affected |
| ssvnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| vncsnapshot | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| x2vnc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |