Search CVE reports
101 – 110 of 490 results
CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript...
4 affected packages
request-tracker4, ckeditor, ckeditor3, ldap-account-manager
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
1 affected package
tor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tor | — | Not affected | Not affected | Not affected |
Azure Storage Library Information Disclosure Vulnerability
2 affected packages
python-azure, python-azure-storage
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-azure | Not affected | Vulnerable | Not affected | Not affected |
| python-azure-storage | Not in release | Not in release | Ignored | Ignored |
Some fixes available 10 of 87
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
9 affected packages
argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | — |
| libgadu | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libpg-query | Needs evaluation | Needs evaluation | — | — |
| libsignal-protocol-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ocserv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pidgin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| protobuf-c | Fixed | Fixed | Fixed | Needs evaluation |
| sudo | Not affected | Fixed | Not affected | Not affected |
Some fixes available 2 of 5
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector:...
1 affected package
ruby-devise-two-factor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-devise-two-factor | Not affected | Fixed | Fixed | Not in release |
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary...
1 affected package
ruby-asciidoctor-include-ext
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-asciidoctor-include-ext | Needs evaluation | Needs evaluation | Needs evaluation | — |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator...
4 affected packages
request-tracker4, ckeditor, ckeditor3, ldap-account-manager
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Not affected | Vulnerable | Vulnerable | Vulnerable |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a...
1 affected package
libmetadata-extractor-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmetadata-extractor-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services...
1 affected package
libmetadata-extractor-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmetadata-extractor-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |