Search CVE reports



71 – 80 of 465 results


CVE-2023-23589

Medium priority
Needs evaluation

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

1 affected package

tor

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tor Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2023-22457

Medium priority
Needs evaluation

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ckeditor Not affected Not affected Not affected Not affected
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-45907

Medium priority
Needs evaluation

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pytorch Not in release Needs evaluation Not in release Not in release

CVE-2022-36180

Medium priority
Needs evaluation

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS)...

1 affected package

fusiondirectory

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
fusiondirectory Needs evaluation Needs evaluation Needs evaluation

CVE-2022-36179

Medium priority
Needs evaluation

Fusiondirectory 1.3 suffers from Improper Session Handling.

1 affected package

fusiondirectory

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
fusiondirectory Needs evaluation Needs evaluation Needs evaluation

CVE-2022-39369

Medium priority

Some fixes available 4 of 9

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate...

3 affected packages

php-cas, ocsinventory-server, moodle

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php-cas Not affected Fixed Fixed Ignored
ocsinventory-server Not affected Fixed Not affected Not affected
moodle Not in release Not in release Not in release Ignored

CVE-2022-31175

Medium priority
Needs evaluation

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three of CKEditor 5's optional packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript...

4 affected packages

request-tracker4, ckeditor, ckeditor3, ldap-account-manager

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor Not affected Not affected Not affected Not affected
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-33903

Medium priority
Ignored

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

1 affected package

tor

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tor Not affected Not affected Not affected

CVE-2022-30187

Medium priority
Vulnerable

Azure Storage Library Information Disclosure Vulnerability

2 affected packages

python-azure, python-azure-storage

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-azure Not affected Vulnerable Not affected Not affected
python-azure-storage Not in release Not in release Ignored Ignored

CVE-2022-33070

Medium priority

Some fixes available 9 of 80

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

9 affected packages

argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
argyll Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ccextractor Needs evaluation Needs evaluation Needs evaluation
libgadu Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpg-query Needs evaluation Needs evaluation
libsignal-protocol-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ocserv Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pidgin Needs evaluation Needs evaluation Needs evaluation Needs evaluation
protobuf-c Fixed Fixed Fixed Needs evaluation
sudo Not affected Fixed Not affected Not affected