Search CVE reports
1 – 6 of 6 results
CVE-2020-13152
Low priorityA remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to...
1 affected packages
amarok
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| amarok | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2009-0136
Medium priorityMultiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code...
1 affected packages
amarok
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| amarok | — | — | — | — | — |
CVE-2009-0135
Medium priorityMultiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1)...
1 affected packages
amarok
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| amarok | — | — | — | — | — |
CVE-2008-3699
Low prioritySome fixes available 2 of 3
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
1 affected packages
amarok
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| amarok | — | — | — | — | — |
CVE-2006-6979
Unknown priorityThe ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
1 affected packages
amarok
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| amarok | — | — | — | — | — |
CVE-2006-2314
Unknown prioritySome fixes available 21 of 24
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte...
14 affected packages
amarok, dovecot, exim4, libapache2-mod-auth-pgsql, php5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| amarok | — | — | — | — | — |
| dovecot | — | — | — | — | — |
| exim4 | — | — | — | — | — |
| libapache2-mod-auth-pgsql | — | — | — | — | — |
| php5 | — | — | — | — | — |
| postfix | — | — | — | — | — |
| postgresql | — | — | — | — | — |
| postgresql-7.4 | — | — | — | — | — |
| postgresql-8.1 | — | — | — | — | — |
| postgresql-8.2 | — | — | — | — | — |
| psycopg | — | — | — | — | — |
| psycopg2 | — | — | — | — | — |
| pygresql | — | — | — | — | — |
| python-pgsql | — | — | — | — | — |