Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2021-36408: Heap-use-after-free in intrapred.h when decoding file · Issue #299 · strukturag/libde265

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

CVE
#ubuntu#linux
CVE-2021-36409: There is an Assertion failed at sps.cc · Issue #300 · strukturag/libde265

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

CVE-2021-36411: A SEGV has occurred when running program dec265 · Issue #302 · strukturag/libde265

An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

CVE-2021-36410: stack-buffer-overflow in fallback-motion.cc when decoding file · Issue #301 · strukturag/libde265

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

CVE-2021-35452: SEGV in slice.cc · Issue #298 · strukturag/libde265

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

CVE-2022-22844: tiffset: Global-buffer-overflow in _TIFFmemcpy, tif_unix.c:346 (#355) · Issues · libtiff / libtiff · GitLab

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

CVE-2022-22844: tiffset: Global-buffer-overflow in _TIFFmemcpy, tif_unix.c:346 (#355) · Issues · libtiff / libtiff

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

CVE-2020-29050: CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

CVE-2021-45334: Online Thesis Archiving System 1.0 SQL Injection

Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection

CVE-2021-25743: ANSI escape characters in kubectl output are not being filtered · Issue #101695 · kubernetes/kubernetes

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.