Search CVE reports
171 – 180 of 36570 results
CVE-2024-45009
Medium priorityIn the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing...
121 affected packages
linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...
| Package | 16.04 LTS |
|---|---|
| linux | Not affected |
| linux-allwinner-5.19 | — |
| linux-aws | Not affected |
| linux-aws-5.0 | — |
| linux-aws-5.11 | — |
| linux-aws-5.13 | — |
| linux-aws-5.15 | — |
| linux-aws-5.19 | — |
| linux-aws-5.3 | — |
| linux-aws-5.4 | — |
| linux-aws-5.8 | — |
| linux-aws-6.2 | — |
| linux-aws-6.5 | — |
| linux-aws-fips | — |
| linux-aws-hwe | Not affected |
| linux-azure | Not affected |
| linux-azure-4.15 | — |
| linux-azure-5.11 | — |
| linux-azure-5.13 | — |
| linux-azure-5.15 | — |
| linux-azure-5.19 | — |
| linux-azure-5.3 | — |
| linux-azure-5.4 | — |
| linux-azure-5.8 | — |
| linux-azure-6.2 | — |
| linux-azure-6.5 | — |
| linux-azure-edge | — |
| linux-azure-fde | — |
| linux-azure-fde-5.15 | — |
| linux-azure-fde-5.19 | — |
| linux-azure-fde-6.2 | — |
| linux-azure-fips | — |
| linux-bluefield | — |
| linux-fips | — |
| linux-gcp | Not affected |
| linux-gcp-4.15 | — |
| linux-gcp-5.11 | — |
| linux-gcp-5.13 | — |
| linux-gcp-5.15 | — |
| linux-gcp-5.19 | — |
| linux-gcp-5.3 | — |
| linux-gcp-5.4 | — |
| linux-gcp-5.8 | — |
| linux-gcp-6.2 | — |
| linux-gcp-6.5 | — |
| linux-gcp-fips | — |
| linux-gke | — |
| linux-gke-4.15 | — |
| linux-gke-5.15 | — |
| linux-gke-5.4 | — |
| linux-gkeop | — |
| linux-gkeop-5.15 | — |
| linux-gkeop-5.4 | — |
| linux-hwe | Not affected |
| linux-hwe-5.11 | — |
| linux-hwe-5.13 | — |
| linux-hwe-5.15 | — |
| linux-hwe-5.19 | — |
| linux-hwe-5.4 | — |
| linux-hwe-5.8 | — |
| linux-hwe-6.2 | — |
| linux-hwe-6.5 | — |
| linux-hwe-6.8 | — |
| linux-hwe-edge | Ignored |
| linux-ibm | — |
| linux-ibm-5.15 | — |
| linux-ibm-5.4 | — |
| linux-intel | Not in release |
| linux-intel-5.13 | — |
| linux-intel-iot-realtime | — |
| linux-intel-iotg | — |
| linux-intel-iotg-5.15 | — |
| linux-iot | — |
| linux-kvm | Not affected |
| linux-lowlatency | — |
| linux-lowlatency-hwe-5.15 | — |
| linux-lowlatency-hwe-5.19 | — |
| linux-lowlatency-hwe-6.2 | — |
| linux-lowlatency-hwe-6.5 | — |
| linux-lowlatency-hwe-6.8 | — |
| linux-lts-xenial | — |
| linux-nvidia | — |
| linux-nvidia-6.2 | — |
| linux-nvidia-6.5 | — |
| linux-nvidia-6.8 | — |
| linux-nvidia-lowlatency | — |
| linux-oem | — |
| linux-oem-5.10 | — |
| linux-oem-5.13 | — |
| linux-oem-5.14 | — |
| linux-oem-5.17 | — |
| linux-oem-5.6 | — |
| linux-oem-6.0 | — |
| linux-oem-6.1 | — |
| linux-oem-6.5 | — |
| linux-oem-6.8 | — |
| linux-oracle | Not affected |
| linux-oracle-5.0 | — |
| linux-oracle-5.11 | — |
| linux-oracle-5.13 | — |
| linux-oracle-5.15 | — |
| linux-oracle-5.3 | — |
| linux-oracle-5.4 | — |
| linux-oracle-5.8 | — |
| linux-oracle-6.5 | — |
| linux-raspi | — |
| linux-raspi-5.4 | — |
| linux-raspi-realtime | — |
| linux-raspi2 | — |
| linux-realtime | — |
| linux-riscv | — |
| linux-riscv-5.11 | — |
| linux-riscv-5.15 | — |
| linux-riscv-5.19 | — |
| linux-riscv-5.8 | — |
| linux-riscv-6.5 | — |
| linux-riscv-6.8 | — |
| linux-starfive-5.19 | — |
| linux-starfive-6.2 | — |
| linux-starfive-6.5 | — |
| linux-xilinx-zynqmp | — |
CVE-2024-40662
Medium priorityIn scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
2 affected packages
android-framework-23, android-platform-frameworks-base
| Package | 16.04 LTS |
|---|---|
| android-framework-23 | — |
| android-platform-frameworks-base | Needs evaluation |
CVE-2024-40658
Medium priorityIn getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User...
2 affected packages
android-platform-frameworks-native, android-platform-tools
| Package | 16.04 LTS |
|---|---|
| android-platform-frameworks-native | Not affected |
| android-platform-tools | — |
CVE-2024-8096
Medium priorityWhen curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the...
1 affected packages
curl
| Package | 16.04 LTS |
|---|---|
| curl | Needs evaluation |
CVE-2024-45409
Medium priorityThe Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to...
1 affected packages
ruby-saml
| Package | 16.04 LTS |
|---|---|
| ruby-saml | Needs evaluation |
CVE-2024-45590
Medium prioritybody-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of...
1 affected packages
node-body-parser
| Package | 16.04 LTS |
|---|---|
| node-body-parser | Needs evaluation |
CVE-2024-45044
Medium priorityBareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check...
1 affected packages
bareos
| Package | 16.04 LTS |
|---|---|
| bareos | Needs evaluation |
CVE-2024-43800
Medium priorityserve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
1 affected packages
node-serve-static
| Package | 16.04 LTS |
|---|---|
| node-serve-static | Needs evaluation |
CVE-2024-43799
Medium prioritySend is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
1 affected packages
node-send
| Package | 16.04 LTS |
|---|---|
| node-send | Needs evaluation |
CVE-2024-43796
Medium priorityExpress.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
1 affected packages
node-express
| Package | 16.04 LTS |
|---|---|
| node-express | Needs evaluation |