Search CVE reports
21 – 30 of 134 results
CVE-2017-18925
Medium priorityopentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
1 affected package
opentmpfiles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opentmpfiles | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
CVE-2020-11736
Medium priorityfr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
1 affected package
file-roller
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file-roller | — | — | Fixed | Fixed | Fixed |
CVE-2011-4116
Low priority_is_safe in the File::Temp module for Perl does not properly handle symlinks.
2 affected packages
libfile-temp-perl, perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libfile-temp-perl | — | — | — | — | — |
perl | — | — | — | — | — |
CVE-2019-18218
Medium prioritycdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
1 affected package
file
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file | — | — | — | Fixed | Fixed |
CVE-2019-16680
Medium priorityAn issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
1 affected package
file-roller
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file-roller | — | — | — | Fixed | Fixed |
CVE-2019-13147
Medium prioritySome fixes available 7 of 16
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
1 affected package
audiofile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
audiofile | Vulnerable | Fixed | Fixed | Fixed | Fixed |
CVE-2019-5429
Low priorityUntrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
1 affected package
filezilla
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
filezilla | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2019-3832
Low priorityIt was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
1 affected package
libsndfile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libsndfile | — | — | Not affected | Fixed | Fixed |
CVE-2013-7469
Medium prioritySeafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
1 affected package
seafile
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
seafile | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2019-8907
Medium prioritydo_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
1 affected package
file
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file | — | — | — | Fixed | Fixed |