Search CVE reports
351 – 360 of 43898 results
Some fixes available 1 of 2
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
1 affected package
freetype
| Package | 22.04 LTS |
|---|---|
| freetype | Needs evaluation |
A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service
1 affected package
gpac
| Package | 22.04 LTS |
|---|---|
| gpac | Needs evaluation |