Search CVE reports
1 – 10 of 20 results
CVE-2023-1183
Medium priorityA flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the...
1 affected package
hsqldb1.8.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb1.8.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-0614
Medium prioritySome fixes available 9 of 15
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
samba | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2022-41853
Medium priorityThose using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any...
1 affected package
hsqldb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-32746
Medium prioritySome fixes available 9 of 17
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when...
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | Not in release | Fixed | Fixed | Ignored | Needs evaluation |
samba | Fixed | Fixed | Fixed | Ignored | Needs evaluation |
CVE-2021-3670
Low prioritySome fixes available 2 of 10
MaxQueryDuration not honoured in Samba AD DC LDAP
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | Not in release | Not affected | Fixed | Vulnerable | Needs evaluation |
samba | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |
CVE-2021-43668
Low priorityGo-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
1 affected package
golang-goleveldb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-goleveldb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-20277
High priorityA flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from...
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | — | — | Fixed | Fixed | Fixed |
samba | — | — | Not affected | Not affected | Not affected |
CVE-2020-27840
High priorityA flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The...
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | — | — | Fixed | Fixed | Fixed |
samba | — | — | Not affected | Not affected | Not affected |
CVE-2019-12300
Medium prioritySome fixes available 11 of 14
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login...
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
buildbot | Fixed | Fixed | Fixed | Vulnerable | Not affected |
CVE-2019-3824
Medium priorityA flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw...
1 affected package
ldb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | — | — | — | Fixed | Fixed |