Search CVE reports
1 – 10 of 32405 results
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires...
1 affected package
vips
| Package | 24.04 LTS |
|---|---|
| vips | Needs evaluation |
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The...
1 affected package
vips
| Package | 24.04 LTS |
|---|---|
| vips | Needs evaluation |
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to...
1 affected package
vips
| Package | 24.04 LTS |
|---|---|
| vips | Needs evaluation |
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The...
1 affected package
vips
| Package | 24.04 LTS |
|---|---|
| vips | Needs evaluation |
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client...
1 affected package
inetutils
| Package | 24.04 LTS |
|---|---|
| inetutils | Needs evaluation |
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This...
1 affected package
vitrage
| Package | 24.04 LTS |
|---|---|
| vitrage | Needs evaluation |
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation...
1 affected package
ocaml
| Package | 24.04 LTS |
|---|---|
| ocaml | Needs evaluation |
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized...
1 affected package
gvfs
| Package | 24.04 LTS |
|---|---|
| gvfs | Needs evaluation |
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information...
1 affected package
gvfs
| Package | 24.04 LTS |
|---|---|
| gvfs | Needs evaluation |
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Not in release |
| adsys | Needs evaluation |
| juju-core | Not in release |
| lxd | Not in release |