Search CVE reports
771 – 780 of 34264 results
Some fixes available 1 of 2
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS |
|---|---|
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Some fixes available 1 of 2
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS |
|---|---|
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |
| nodejs | Not affected |
| edk2 | Needs evaluation |
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | Not affected |
| openssl1.0 | Not in release |
| nodejs | Not affected |
| edk2 | Not affected |
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against...
3 affected packages
libsdl2-image, libsdl3-image, sdl-image1.2
| Package | 24.04 LTS |
|---|---|
| libsdl2-image | Needs evaluation |
| libsdl3-image | Not in release |
| sdl-image1.2 | Needs evaluation |
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the...
1 affected package
ocsinventory-server
| Package | 24.04 LTS |
|---|---|
| ocsinventory-server | Needs evaluation |
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger...
1 affected package
discount
| Package | 24.04 LTS |
|---|---|
| discount | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis...
1 affected package
docker-registry
| Package | 24.04 LTS |
|---|---|
| docker-registry | Needs evaluation |
Rejected reason: CVE confirmed to be a false positive
2 affected packages
golang-github-coreos-bbolt, golang-github-boltdb-bolt
| Package | 24.04 LTS |
|---|---|
| golang-github-coreos-bbolt | Not affected |
| golang-github-boltdb-bolt | Not affected |
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix...
1 affected package
vim
| Package | 24.04 LTS |
|---|---|
| vim | Vulnerable |
Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |