Search CVE reports
641 – 650 of 36211 results
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to...
2 affected packages
7zip, p7zip
| Package | 22.04 LTS |
|---|---|
| 7zip | Needs evaluation |
| p7zip | Needs evaluation |
Some fixes available 2 of 9
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
23 affected packages
apache2, apr-util, cmake, ghostscript, texlive-bin...
| Package | 22.04 LTS |
|---|---|
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Not in release |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | Not in release |
| cableswig | Not in release |
| coin3 | Not affected |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | Not in release |
| smart | Not in release |
| firefox | Not affected |
| thunderbird | Not affected |
| libxmltok | Fixed |
| expat | Fixed |
Not in release
sigstore framework is a common Go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path...
1 affected package
golang-github-sigstore-sigstore
| Package | 22.04 LTS |
|---|---|
| golang-github-sigstore-sigstore | Not in release |
Not in release
[Unknown description]
1 affected package
liblivemedia
| Package | 22.04 LTS |
|---|---|
| liblivemedia | Not in release |
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to...
1 affected package
npm
| Package | 22.04 LTS |
|---|---|
| npm | Needs evaluation |
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit...
1 affected package
gimp
| Package | 22.04 LTS |
|---|---|
| gimp | Needs evaluation |
Not in release
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since...
1 affected package
rekor
| Package | 22.04 LTS |
|---|---|
| rekor | Not in release |
Not in release
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g. a member of the ‘incus’ group) to use directory traversal or symbolic...
2 affected packages
incus, lxd
| Package | 22.04 LTS |
|---|---|
| incus | Not in release |
| lxd | Not in release |
Not in release
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g. a member of the ‘incus’ group) can create an...
2 affected packages
incus, lxd
| Package | 22.04 LTS |
|---|---|
| incus | Not in release |
| lxd | Not in release |
Not in release
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer...
1 affected package
rekor
| Package | 22.04 LTS |
|---|---|
| rekor | Not in release |