Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 134 results


CVE-2024-50613

Medium priority
Needs evaluation

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

1 affected packages

libsndfile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsndfile Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-50612

Medium priority
Needs evaluation

libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

1 affected packages

libsndfile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsndfile Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-31497

Medium priority
Needs evaluation

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where...

2 affected packages

filezilla, putty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
filezilla Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
putty Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-48795

Medium priority

Some fixes available 29 of 79

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...

13 affected packages

dropbear, filezilla, golang-go.crypto, libssh, libssh2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dropbear Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
filezilla Fixed Fixed Fixed Not affected Not affected
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libssh Not affected Fixed Fixed Not affected Not affected
libssh2 Not affected Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed Fixed
openssh Fixed Fixed Fixed Fixed Fixed
openssh-ssh1 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
paramiko Fixed Fixed Fixed Needs evaluation Needs evaluation
proftpd-dfsg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
putty Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python-asyncssh Fixed Fixed Fixed Ignored Ignored
snapd Not affected Not affected Not affected Not affected Not affected
Show all 13 packages Show less packages

CVE-2022-48554

Medium priority
Fixed

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

1 affected packages

file

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file Fixed Not affected Not affected Not affected
Show less packages

CVE-2020-18781

Medium priority
Not affected

Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

1 affected packages

audiofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
audiofile Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-33065

Medium priority

Some fixes available 7 of 8

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

1 affected packages

libsndfile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsndfile Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-33064

Medium priority
Vulnerable

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.

1 affected packages

libsndfile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsndfile Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-24998

Medium priority
Needs evaluation

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the...

1 affected packages

libcommons-fileupload-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcommons-fileupload-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-47021

Medium priority

Some fixes available 4 of 5

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.

1 affected packages

opusfile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opusfile Not affected Fixed Fixed Fixed Fixed
Show less packages