Search CVE reports
371 – 380 of 33882 results
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 24.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Not in release |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 24.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Not in release |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 24.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | Not in release |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier,...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier,...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding:...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Ignored |
| mozjs115 | Ignored |
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Ignored |
| mozjs115 | Ignored |