Search CVE reports


61 – 70 of 37910 results

Status is adjusted based on your filters.


CVE-2024-47539

Medium priority
Needs evaluation

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy...

2 affected packages

gst-plugins-good0.10, gst-plugins-good1.0

Package 16.04 LTS
gst-plugins-good0.10 Needs evaluation
gst-plugins-good1.0 Needs evaluation

CVE-2024-47538

Medium priority
Needs evaluation

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a...

2 affected packages

gst-plugins-base0.10, gst-plugins-base1.0

Package 16.04 LTS
gst-plugins-base0.10 Needs evaluation
gst-plugins-base1.0 Needs evaluation

CVE-2024-47537

Medium priority
Needs evaluation

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type...

2 affected packages

gst-plugins-good0.10, gst-plugins-good1.0

Package 16.04 LTS
gst-plugins-good0.10 Needs evaluation
gst-plugins-good1.0 Needs evaluation

CVE-2024-45337

Medium priority
Needs evaluation

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not...

3 affected packages

golang-go.crypto, lxd, snapd

Package 16.04 LTS
golang-go.crypto Needs evaluation
lxd Needs evaluation
snapd Needs evaluation

CVE-2024-4109

Medium priority
Needs evaluation

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead...

1 affected package

undertow

Package 16.04 LTS
undertow Needs evaluation

CVE-2024-12570

Medium priority
Ignored

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's...

1 affected package

gitlab

Package 16.04 LTS
gitlab Ignored

CVE-2024-12292

Medium priority
Ignored

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations...

1 affected package

gitlab

Package 16.04 LTS
gitlab Ignored

CVE-2024-11274

Medium priority
Ignored

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could...

1 affected package

gitlab

Package 16.04 LTS
gitlab Ignored

CVE-2024-10043

Medium priority
Ignored

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to...

1 affected package

gitlab

Package 16.04 LTS
gitlab Ignored

CVE-2024-48912

Medium priority
Needs evaluation

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch...

1 affected package

glpi

Package 16.04 LTS
glpi Needs evaluation