Search CVE reports
81 – 90 of 893 results
Some fixes available 7 of 57
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
8 affected packages
dcraw, ufraw, darktable, exactimage, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Not affected | Fixed | Fixed | Fixed | Fixed |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Not affected | Not affected | Not affected |
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
1 affected package
ark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ark | Not affected | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Not affected | Not affected | Not affected |
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with...
1 affected package
golang-github-gomarkdown-markdown
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-gomarkdown-markdown | Needs evaluation | Needs evaluation | Not in release | Not in release | — |
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe...
1 affected package
node-markdown-to-jsx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-markdown-to-jsx | Needs evaluation | Needs evaluation | Not in release | Not in release | — |
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Vulnerable | Vulnerable | Not affected |
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |