Search CVE reports
21 – 30 of 1756 results
Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.
18 affected packages
linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | — |
| linux-armadaxp | — | — | — | — | — |
| linux-ec2 | — | — | — | — | — |
| linux-flo | — | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — | — |
| linux-goldfish | — | — | — | — | — |
| linux-grouper | — | — | — | — | — |
| linux-lts-backport-maverick | — | — | — | — | — |
| linux-lts-backport-natty | — | — | — | — | — |
| linux-lts-backport-oneiric | — | — | — | — | — |
| linux-lts-quantal | — | — | — | — | — |
| linux-lts-raring | — | — | — | — | — |
| linux-lts-saucy | — | — | — | — | — |
| linux-maguro | — | — | — | — | — |
| linux-mako | — | — | — | — | — |
| linux-manta | — | — | — | — | — |
| linux-mvl-dove | — | — | — | — | — |
| linux-ti-omap4 | — | — | — | — | — |
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery...
1 affected package
plantuml
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| plantuml | — | Not affected | Not affected | Not affected | Not affected |
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because...
1 affected package
libowasp-antisamy-java
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
1 affected package
libowasp-antisamy-java
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed...
1 affected package
libowasp-antisamy-java
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
18 affected packages
linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | — |
| linux-armadaxp | — | — | — | — | — |
| linux-ec2 | — | — | — | — | — |
| linux-flo | — | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — | — |
| linux-goldfish | — | — | — | — | — |
| linux-grouper | — | — | — | — | — |
| linux-lts-backport-maverick | — | — | — | — | — |
| linux-lts-backport-natty | — | — | — | — | — |
| linux-lts-backport-oneiric | — | — | — | — | — |
| linux-lts-quantal | — | — | — | — | — |
| linux-lts-raring | — | — | — | — | — |
| linux-lts-saucy | — | — | — | — | — |
| linux-maguro | — | — | — | — | — |
| linux-mako | — | — | — | — | — |
| linux-manta | — | — | — | — | — |
| linux-mvl-dove | — | — | — | — | — |
| linux-ti-omap4 | — | — | — | — | — |
Some fixes available 6 of 9
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account...
1 affected package
plantuml
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| plantuml | — | Fixed | Fixed | Fixed | Fixed |
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
1 affected package
phantomjs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| phantomjs | — | — | — | Needs evaluation | Needs evaluation |
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
45 affected packages
enigma, freeciv, freedroidrpg, fs-uae, golly...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| enigma | Not affected | Not affected | Not affected | Not affected | Not affected |
| freeciv | Not affected | Not affected | Not affected | Not affected | Not affected |
| freedroidrpg | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| golly | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| gtk2-engines | Not affected | Not affected | Not affected | Not affected | Not affected |
| haskell-hslua | Not affected | Not affected | Not affected | Not affected | Not affected |
| hedgewars | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.1 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lua5.4 | Not affected | Not affected | Not affected | Not in release | Not in release |
| lua50 | Not in release | Not in release | Not in release | Not affected | Not affected |
| luajit | Not affected | Not affected | Not affected | Not affected | Not affected |
| mame | Not affected | Not affected | Not affected | Not affected | Not affected |
| naev | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | — |
| openscenegraph | Not affected | Not affected | Not affected | Not affected | Not affected |
| redis | Not affected | Not affected | Not affected | Not affected | Not affected |
| rust-lua52-sys | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | — |
| scite | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| scorched3d | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| scummvm | Not affected | Not affected | Not affected | Not affected | Not affected |
| spring | Not affected | Not affected | Not affected | Not affected | Not affected |
| syslinux | Not affected | Not affected | Not affected | Not affected | Not affected |
| syslinux-legacy | Not in release | Not in release | Not in release | Not affected | Not affected |
| tagua | Not in release | Not affected | Not affected | Not affected | Not affected |
| tarantool | Not in release | Needs evaluation | Needs evaluation | Ignored | — |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| tup | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | — |
| ufoai | Not affected | Not affected | Not affected | Not affected | Not affected |
| vifm | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| wcc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| wesnoth | — | — | — | — | — |
| widelands | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmoto | Not affected | Not affected | Not affected | Not affected | Not affected |
| zfs-linux | Not affected | Not affected | Not affected | Not affected | Not affected |
| ardour | Not affected | Not affected | Not affected | Not affected | Not affected |
| blobby | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ceph | Not affected | Not affected | Not affected | Not affected | Not affected |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| eja | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| emscripten | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
| bam | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
1 affected package
libowasp-antisamy-java
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |