Search CVE reports
1 – 10 of 1262 results
Cross-site scripting (XSS) vulnerability in the generate report functionality in RARLAB WinRAR 7.11 allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The...
1 affected package
unrar-nonfree
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| unrar-nonfree | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of...
1 affected package
golang-github-nwaples-rardecode
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-nwaples-rardecode | Not in release | Not in release | — | — |
ipl/web is a set of common web components for PHP projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross-site request forgery (CSRF). All affected products, in any version, will...
1 affected package
icinga-php-library
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| icinga-php-library | Needs evaluation | Needs evaluation | Not in release | — |
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
1 affected package
unrar-nonfree
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| unrar-nonfree | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 5
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
1 affected package
unrar-nonfree
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| unrar-nonfree | Not affected | Fixed | Fixed | Needs evaluation |
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
14 affected packages
armnn, libstb, arm-compute-library, bibledit, bibledit-cloud...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| armnn | Needs evaluation | Needs evaluation | Not in release | Ignored |
| libstb | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| arm-compute-library | Needs evaluation | Needs evaluation | Not in release | Ignored |
| bibledit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| bibledit-cloud | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| emscripten | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsfml | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| timg | Needs evaluation | Needs evaluation | Not in release | Ignored |
| tiny-dnn | Needs evaluation | Not in release | Not in release | Ignored |
| utox | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| visp | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
Some fixes available 13 of 21
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR....
3 affected packages
rar, unrar-nonfree, libclamunrar
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rar | Fixed | Fixed | Fixed | Vulnerable |
| unrar-nonfree | Not affected | Fixed | Fixed | Vulnerable |
| libclamunrar | Not affected | Fixed | Fixed | Vulnerable |
Some fixes available 2 of 4
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
1 affected package
unrar-nonfree
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| unrar-nonfree | Not affected | Fixed | Fixed | Needs evaluation |
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to...
1 affected package
guava-libraries
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| guava-libraries | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
18 affected packages
linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux | — | — | — | — |
| linux-armadaxp | — | — | — | — |
| linux-ec2 | — | — | — | — |
| linux-flo | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — |
| linux-goldfish | — | — | — | — |
| linux-grouper | — | — | — | — |
| linux-lts-backport-maverick | — | — | — | — |
| linux-lts-backport-natty | — | — | — | — |
| linux-lts-backport-oneiric | — | — | — | — |
| linux-lts-quantal | — | — | — | — |
| linux-lts-raring | — | — | — | — |
| linux-lts-saucy | — | — | — | — |
| linux-maguro | — | — | — | — |
| linux-mako | — | — | — | — |
| linux-manta | — | — | — | — |
| linux-mvl-dove | — | — | — | — |
| linux-ti-omap4 | — | — | — | — |