Search CVE reports
111 – 120 of 495 results
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary...
1 affected package
ruby-asciidoctor-include-ext
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-asciidoctor-include-ext | Needs evaluation | Needs evaluation | Needs evaluation | — |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator...
4 affected packages
request-tracker4, ckeditor, ckeditor3, ldap-account-manager
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ckeditor | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ldap-account-manager | Needs evaluation | Needs evaluation | Ignored | Ignored |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Not affected | Vulnerable | Vulnerable | Vulnerable |
| ckeditor3 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ldap-account-manager | Needs evaluation | Needs evaluation | Ignored | Ignored |
| request-tracker4 | Needs evaluation | Needs evaluation | Ignored | Ignored |
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a...
1 affected package
libmetadata-extractor-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmetadata-extractor-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services...
1 affected package
libmetadata-extractor-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libmetadata-extractor-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it...
2 affected packages
kate, ktexteditor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kate | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ktexteditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...
1 affected package
mysql-connector-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mysql-connector-java | — | — | — | Needs evaluation |
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Not affected | Needs evaluation | Ignored | Ignored |
| ckeditor3 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ldap-account-manager | Needs evaluation | Needs evaluation | Ignored | Ignored |
| request-tracker4 | Needs evaluation | Needs evaluation | Ignored | Ignored |
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to...
4 affected packages
ckeditor3, ldap-account-manager, request-tracker4, ckeditor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor3 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ldap-account-manager | Needs evaluation | Needs evaluation | Ignored | Ignored |
| request-tracker4 | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ckeditor | Not affected | Needs evaluation | Ignored | Ignored |
OctoRPKI does not escape a URI with a filename containing "..". This allows a repository to create a file (e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache...
2 affected packages
cfrpki, fort-validator
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cfrpki | Not in release | Not affected | — | — |
| fort-validator | Not affected | Not affected | Vulnerable | — |