Search CVE reports
1 – 10 of 379 results
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when...
1 affected package
tinymce
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tinymce | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed...
1 affected package
tinymce
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tinymce | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass...
1 affected package
tinymce
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tinymce | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject...
1 affected package
tinymce
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tinymce | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Some fixes available (4 of 7)
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
1 affected package
memcached
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available (4 of 7)
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
1 affected package
memcached
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available (2 of 17)
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...
6 affected packages
tomcat10, tomcat11, tomcat9, tomcat6, tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
Some fixes available (2 of 15)
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |
Some fixes available (2 of 15)
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117,...
6 affected packages
tomcat8, tomcat9, tomcat6, tomcat7, tomcat10, tomcat11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | — | Vulnerable |
| tomcat9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | — | — |
| tomcat7 | Not in release | Not in release | Not in release | — | Not affected |
| tomcat10 | Vulnerable | Vulnerable | Not in release | — | — |
| tomcat11 | Vulnerable | Not in release | Not in release | — | — |