Search CVE reports
31 – 40 of 491 results
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is...
5 affected packages
insighttoolkit, insighttoolkit4, hdf5, insighttoolkit5, paraview
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| insighttoolkit | Not in release | Not in release | Not in release | — |
| insighttoolkit4 | Not in release | Needs evaluation | Ignored | Needs evaluation |
| hdf5 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Not in release | — |
| paraview | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit...
1 affected package
gh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gh | Not affected | Not affected | Not in release | — |
Some fixes available 5 of 12
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
2 affected packages
flightgear, simgear
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| flightgear | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| simgear | Fixed | Fixed | Fixed | Fixed |
Some fixes available 10 of 37
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | — |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 10 of 37
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
7 affected packages
openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openjpeg2 | Fixed | Fixed | Fixed | Fixed |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | — |
Some fixes available 1 of 3
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions...
1 affected package
gh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gh | Fixed | Not affected | Not in release | — |
Some fixes available 2 of 4
go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts...
1 affected package
golang-github-cli-go-gh-v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-cli-go-gh-v2 | Fixed | Not in release | Not in release | — |
Some fixes available 1 of 3
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside...
1 affected package
gh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gh | Fixed | Not affected | Not in release | — |
Some fixes available 2 of 3
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the...
1 affected package
gh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gh | Fixed | Not affected | Not in release | — |
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Fixed | Fixed |