Search CVE reports
81 – 90 of 490 results
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript...
1 affected package
lektor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lektor | Needs evaluation | Needs evaluation | Needs evaluation | — |
Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request...
1 affected package
icingaweb2-module-director
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| icingaweb2-module-director | Needs evaluation | Needs evaluation | Needs evaluation | — |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature....
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 7 of 9
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
1 affected package
python-glance-store
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-glance-store | Fixed | Fixed | Fixed | Needs evaluation |
OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Not affected | Not affected | Vulnerable | Vulnerable |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A...
1 affected package
qbittorrent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qbittorrent | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 11
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
2 affected packages
python-tornado, salt
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-tornado | Not affected | Fixed | Fixed | Fixed |
| salt | Not in release | Needs evaluation | Not in release | Needs evaluation |
Some fixes available 10 of 30
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...
5 affected packages
python-glance-store, python-os-brick, nova, ironic, cinder
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-glance-store | — | Fixed | Ignored | Ignored |
| python-os-brick | — | Fixed | Ignored | Ignored |
| nova | — | Fixed | Ignored | Ignored |
| ironic | — | Fixed | Ignored | Ignored |
| cinder | — | Fixed | Ignored | Ignored |