Search CVE reports
181 – 190 of 39653 results
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized...
1 affected package
389-ds-base
| Package | 24.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to...
1 affected package
gimp
| Package | 24.04 LTS |
|---|---|
| gimp | Needs evaluation |
Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat (follows symlinks) instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying...
1 affected package
gimp
| Package | 24.04 LTS |
|---|---|
| gimp | Needs evaluation |
Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |
Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat,...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |
Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |
Not in release
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0,...
1 affected package
optee-os
| Package | 24.04 LTS |
|---|---|
| optee-os | Not in release |
Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server (or an...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |
Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type (typically .html files under /content, or pages produced by a content adapter that...
1 affected package
hugo
| Package | 24.04 LTS |
|---|---|
| hugo | Needs evaluation |