Search CVE reports
21 – 30 of 1750 results
Some fixes available 6 of 9
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account...
1 affected package
plantuml
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| plantuml | Fixed | Fixed | Fixed | Fixed |
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
1 affected package
phantomjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| phantomjs | — | — | Needs evaluation | Needs evaluation |
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
45 affected packages
enigma, freeciv, freedroidrpg, fs-uae, golly...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| enigma | Not affected | Not affected | Not affected | Not affected |
| freeciv | Not affected | Not affected | Not affected | Not affected |
| freedroidrpg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golly | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| grub2 | Not affected | Not affected | Not affected | Not affected |
| gtk2-engines | Not affected | Not affected | Not affected | Not affected |
| haskell-hslua | Not affected | Not affected | Not affected | Not affected |
| hedgewars | Not affected | Not affected | Not affected | Not affected |
| lua5.1 | Not affected | Not affected | Not affected | Not affected |
| lua5.2 | Not affected | Not affected | Not affected | Not affected |
| lua5.3 | Not affected | Not affected | Not affected | Not affected |
| lua5.4 | Not affected | Not affected | Not in release | Not in release |
| lua50 | Not in release | Not in release | Not affected | Not affected |
| luajit | Not affected | Not affected | Not affected | Not affected |
| mame | Not affected | Not affected | Not affected | Not affected |
| naev | Needs evaluation | Needs evaluation | Needs evaluation | — |
| openscenegraph | Not affected | Not affected | Not affected | Not affected |
| redis | Not affected | Not affected | Not affected | Not affected |
| rust-lua52-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
| scite | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| scorched3d | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| scummvm | Not affected | Not affected | Not affected | Not affected |
| spring | Not affected | Not affected | Not affected | Not affected |
| syslinux | Not affected | Not affected | Not affected | Not affected |
| syslinux-legacy | Not in release | Not in release | Not affected | Not affected |
| tagua | Not affected | Not affected | Not affected | Not affected |
| tarantool | Needs evaluation | Needs evaluation | Needs evaluation | — |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| tup | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ufoai | Not affected | Not affected | Not affected | Not affected |
| vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wcc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wesnoth | — | — | — | — |
| widelands | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmoto | Not affected | Not affected | Not affected | Not affected |
| zfs-linux | Not affected | Not affected | Not affected | Not affected |
| ardour | Not affected | Not affected | Not affected | Not affected |
| bam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blobby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ceph | Not affected | Not affected | Not affected | Not affected |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| eja | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| emscripten | Needs evaluation | Needs evaluation | — | Needs evaluation |
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
1 affected package
libowasp-antisamy-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt...
1 affected package
ant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ant | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache...
1 affected package
ant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ant | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.
23 affected packages
linux, linux-armadaxp, linux-linaro-omap, linux-linaro-shared, linux-linaro-vexpress...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux | — | — | — | — |
| linux-armadaxp | — | — | — | — |
| linux-linaro-omap | — | — | — | — |
| linux-linaro-shared | — | — | — | — |
| linux-linaro-vexpress | — | — | — | — |
| linux-lts-quantal | — | — | — | — |
| linux-lts-raring | — | — | — | — |
| linux-lts-saucy | — | — | — | — |
| linux-qcm-msm | — | — | — | — |
| linux-ti-omap4 | — | — | — | — |
| linux-flo | — | — | — | — |
| linux-goldfish | — | — | — | — |
| linux-grouper | — | — | — | — |
| linux-lts-trusty | — | — | — | — |
| linux-lts-utopic | — | — | — | — |
| linux-lts-vivid | — | — | — | — |
| linux-lts-wily | — | — | — | — |
| linux-lts-xenial | — | — | — | — |
| linux-maguro | — | — | — | — |
| linux-mako | — | — | — | — |
| linux-manta | — | — | — | — |
| linux-raspi2 | — | — | — | — |
| linux-snapdragon | — | — | — | — |
Some fixes available 1 of 5
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to...
1 affected package
pydantic
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pydantic | Not affected | Not affected | Fixed | Not in release |
Not in release
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | Not in release | Not in release |
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
1 affected package
phantomjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Needs evaluation | Needs evaluation |