Search CVE reports


Toggle filters

21 – 30 of 134 results


CVE-2017-18925

Medium priority
Needs evaluation

opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.

1 affected package

opentmpfiles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opentmpfiles Not in release Not in release Needs evaluation Not in release Not in release
Show less packages

CVE-2020-11736

Medium priority
Fixed

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller Fixed Fixed Fixed
Show less packages

CVE-2011-4116

Low priority
Ignored

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

2 affected packages

libfile-temp-perl, perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libfile-temp-perl
perl
Show less packages

CVE-2019-18218

Medium priority
Fixed

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

1 affected package

file

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file Fixed Fixed
Show less packages

CVE-2019-16680

Medium priority
Fixed

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller Fixed Fixed
Show less packages

CVE-2019-13147

Medium priority

Some fixes available 7 of 16

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

1 affected package

audiofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
audiofile Vulnerable Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-5429

Low priority
Vulnerable

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

1 affected package

filezilla

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
filezilla Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-3832

Low priority
Fixed

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

1 affected package

libsndfile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libsndfile Not affected Fixed Fixed
Show less packages

CVE-2013-7469

Medium priority
Needs evaluation

Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

1 affected package

seafile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
seafile Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2019-8907

Medium priority
Fixed

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

1 affected package

file

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file Fixed Fixed
Show less packages