Search CVE reports
41 – 50 of 37641 results
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 22.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Not in release |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier,...
1 affected package
python-django
| Package | 22.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier,...
1 affected package
python-django
| Package | 22.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with...
1 affected package
python-django
| Package | 22.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when...
1 affected package
python-django
| Package | 22.04 LTS |
|---|---|
| python-django | Ignored |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding:...
1 affected package
python-django
| Package | 22.04 LTS |
|---|---|
| python-django | Fixed |
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Not in release
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows an attacker with dashboard creation...
1 affected package
check-mk
| Package | 22.04 LTS |
|---|---|
| check-mk | Not in release |
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in...
1 affected package
erlang
| Package | 22.04 LTS |
|---|---|
| erlang | Needs evaluation |