Search CVE reports
1 – 6 of 6 results
CVE-2017-14176
Medium priorityBazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836,...
1 affected packages
bzr
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bzr | — | — | — | — | Fixed |
CVE-2016-6271
Medium prioritySome fixes available 1 of 4
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
1 affected packages
bzrtp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bzrtp | — | — | — | Not affected | Fixed |
CVE-2013-2223
Medium priorityGNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that...
1 affected packages
libzrtpcpp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzrtpcpp | — | — | — | Not in release | Not affected |
CVE-2013-2222
Medium priorityMultiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType,...
1 affected packages
libzrtpcpp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzrtpcpp | — | — | — | Not in release | Not affected |
CVE-2013-2221
Medium priorityHeap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.
1 affected packages
libzrtpcpp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzrtpcpp | — | — | — | Not in release | Not affected |
CVE-2013-2099
Low prioritySome fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, linkchecker, python-tornado, python-urllib3, python2.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
| linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |