Search CVE reports
41 – 50 of 42294 results
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which...
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php
1 affected package
dokuwiki
| Package | 20.04 LTS |
|---|---|
| dokuwiki | Needs evaluation |
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 20.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 20.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | — |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management...
1 affected package
wpa
| Package | 20.04 LTS |
|---|---|
| wpa | Needs evaluation |
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within...
1 affected package
glib2.0
| Package | 20.04 LTS |
|---|---|
| glib2.0 | Needs evaluation |