Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 450 results


CVE-2024-53859

Medium priority
Needs evaluation

go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts...

1 affected packages

golang-github-cli-go-gh-v2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-cli-go-gh-v2 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-53858

Medium priority
Needs evaluation

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside...

1 affected packages

gh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gh Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-52308

High priority
Fixed

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the...

1 affected packages

gh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gh Fixed Not affected Not in release
Show less packages

CVE-2024-46956

Medium priority

Some fixes available 4 of 6

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

1 affected packages

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-46955

Medium priority

Some fixes available 4 of 6

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

1 affected packages

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-46954

Medium priority
Fixed

An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.

1 affected packages

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-46953

Medium priority

Some fixes available 4 of 6

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and...

1 affected packages

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-46952

Medium priority
Fixed

An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

1 affected packages

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-46951

Medium priority

Some fixes available 4 of 6

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

1 affected packages

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-50602

Medium priority
Needs evaluation

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages