Search CVE reports
Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.
1 affected package
plantuml
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
plantuml | Ignored | Ignored | Not affected | Not affected |
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary...
1 affected package
exuberant-ctags
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
exuberant-ctags | — | Fixed | Fixed | Fixed |
An issue was discovered in HashiCorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host...
1 affected package
vagrant
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
vagrant | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because...
1 affected package
libowasp-antisamy-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
1 affected package
libowasp-antisamy-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed...
1 affected package
libowasp-antisamy-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
1 affected package
phantomjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
phantomjs | — | — | Needs evaluation | Needs evaluation |
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery...
1 affected package
plantuml
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
plantuml | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 9
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account...
1 affected package
plantuml
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
plantuml | Fixed | Fixed | Fixed | Fixed |
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
45 affected packages
enigma, freeciv, freedroidrpg, fs-uae, golly...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
enigma | Not affected | Not affected | Not affected | Not affected |
freeciv | Not affected | Not affected | Not affected | Not affected |
freedroidrpg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golly | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
grub2 | Not affected | Not affected | Not affected | Not affected |
gtk2-engines | Not affected | Not affected | Not affected | Not affected |
haskell-hslua | Not affected | Not affected | Not affected | Not affected |
hedgewars | Not affected | Not affected | Not affected | Not affected |
lua5.1 | Not affected | Not affected | Not affected | Not affected |
lua5.2 | Not affected | Not affected | Not affected | Not affected |
lua5.3 | Not affected | Not affected | Not affected | Not affected |
lua5.4 | Not affected | Not affected | Not in release | Not in release |
lua50 | Not in release | Not in release | Not affected | Not affected |
luajit | Not affected | Not affected | Not affected | Not affected |
mame | Not affected | Not affected | Not affected | Not affected |
naev | Needs evaluation | Needs evaluation | Needs evaluation | — |
openscenegraph | Not affected | Not affected | Not affected | Not affected |
redis | Not affected | Not affected | Not affected | Not affected |
rust-lua52-sys | Needs evaluation | Needs evaluation | Needs evaluation | — |
scite | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
scorched3d | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
scummvm | Not affected | Not affected | Not affected | Not affected |
spring | Not affected | Not affected | Not affected | Not affected |
syslinux | Not affected | Not affected | Not affected | Not affected |
syslinux-legacy | Not in release | Not in release | Not affected | Not affected |
tagua | Not affected | Not affected | Not affected | Not affected |
tarantool | Needs evaluation | Needs evaluation | Needs evaluation | — |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
tup | Needs evaluation | Needs evaluation | Needs evaluation | — |
ufoai | Not affected | Not affected | Not affected | Not affected |
vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wcc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wesnoth | — | — | — | — |
widelands | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmoto | Not affected | Not affected | Not affected | Not affected |
zfs-linux | Not affected | Not affected | Not affected | Not affected |
ardour | Not affected | Not affected | Not affected | Not affected |
bam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
blobby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ceph | Not affected | Not affected | Not affected | Not affected |
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
eja | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
emscripten | Needs evaluation | Needs evaluation | — | Needs evaluation |