Search CVE reports
61 – 70 of 31401 results
CVE-2024-49767
Medium priority
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all...
2 affected packages
python-werkzeug, quart
Package | 18.04 LTS |
---|---|
python-werkzeug | Not affected |
quart | — |
CVE-2024-49766
Medium priority
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path...
1 affected package
python-werkzeug
Package | 18.04 LTS |
---|---|
python-werkzeug | Not affected |
CVE-2024-48426
Medium priority
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
4 affected packages
assimp, qt6-3d, qt6-quick3d, spring
Package | 18.04 LTS |
---|---|
assimp | Needs evaluation |
qt6-3d | — |
qt6-quick3d | — |
spring | Needs evaluation |
CVE-2024-48425
Medium priority
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at...
4 affected packages
assimp, qt6-3d, qt6-quick3d, spring
Package | 18.04 LTS |
---|---|
assimp | Needs evaluation |
qt6-3d | — |
qt6-quick3d | — |
spring | Needs evaluation |
CVE-2024-48424
Medium priority
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
4 affected packages
assimp, qt6-3d, qt6-quick3d, spring
Package | 18.04 LTS |
---|---|
assimp | Needs evaluation |
qt6-3d | — |
qt6-quick3d | — |
spring | Needs evaluation |
CVE-2024-48423
Medium priority
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
3 affected packages
assimp, qt6-3d, qt6-quick3d
Package | 18.04 LTS |
---|---|
assimp | Needs evaluation |
qt6-3d | — |
qt6-quick3d | — |
CVE-2024-48208
Medium priority
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
1 affected package
pure-ftpd
Package | 18.04 LTS |
---|---|
pure-ftpd | Needs evaluation |
CVE-2024-46478
Medium priority
HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681.
1 affected package
htmldoc
Package | 18.04 LTS |
---|---|
htmldoc | Needs evaluation |
CVE-2024-50383
Medium priority
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set....
3 affected packages
botan, oscar, thunderbird
Package | 18.04 LTS |
---|---|
botan | Needs evaluation |
oscar | — |
thunderbird | — |
CVE-2024-50382
Medium priority
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for...
3 affected packages
botan, oscar, thunderbird
Package | 18.04 LTS |
---|---|
botan | Needs evaluation |
oscar | — |
thunderbird | — |