Search CVE reports
1 – 10 of 139 results
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before...
4 affected packages
libcommons-fileupload-java, tomcat10, tomcat11, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libcommons-fileupload-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Needs evaluation | Not in release | — | — |
| tomcat11 | Not in release | Not in release | — | — |
| tomcat9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
1 affected package
libsndfile
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsndfile | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
1 affected package
libsndfile
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsndfile | Fixed | Fixed | Fixed | Fixed |
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where...
2 affected packages
filezilla, putty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| filezilla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| putty | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 38 of 85
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, golang-go.crypto, snapd, lxd, libssh...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dropbear | Needs evaluation | Fixed | Fixed | Fixed |
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| snapd | Not affected | Not affected | Not affected | Not affected |
| lxd | Not in release | Not in release | Not affected | Fixed |
| libssh | Not affected | Fixed | Fixed | Not affected |
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored |
| libssh2 | Not affected | Not affected | Not affected | Not affected |
| openssh | Fixed | Fixed | Fixed | Fixed |
| paramiko | Fixed | Fixed | Fixed | Needs evaluation |
| putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| proftpd-dfsg | Not affected | Not affected | Fixed | Needs evaluation |
| python-asyncssh | Fixed | Fixed | Fixed | Ignored |
| filezilla | Fixed | Fixed | Fixed | Not affected |
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the...
1 affected package
libcommons-fileupload-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libcommons-fileupload-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
1 affected package
file
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| file | — | Fixed | Not affected | Not affected |
Some fixes available 4 of 5
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
1 affected package
opusfile
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| opusfile | Not affected | Fixed | Fixed | Fixed |
Some fixes available 7 of 8
Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
1 affected package
libsndfile
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsndfile | — | Fixed | Fixed | Fixed |
An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
1 affected package
libsndfile
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libsndfile | Vulnerable | Vulnerable | Vulnerable | Vulnerable |