Search CVE reports


Toggle filters

261 – 270 of 1279 results


CVE-2024-47534

Medium priority
Needs evaluation

go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the...

1 affected package

golang-github-endophage-gotuf

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-endophage-gotuf Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-9029

Medium priority
Vulnerable

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not...

1 affected package

freeimage

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freeimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-45613

Medium priority
Needs evaluation

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered...

4 affected packages

ldap-account-manager, request-tracker4, ckeditor, ckeditor3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor Not in release Not affected Not affected Not affected Not affected
ckeditor3 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-31570

Medium priority
Vulnerable

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

1 affected package

freeimage

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freeimage Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-44082

Medium priority

Some fixes available 2 of 14

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img,...

2 affected packages

ironic, ironic-python-agent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ironic Needs evaluation Fixed Fixed Needs evaluation Needs evaluation
ironic-python-agent Needs evaluation Needs evaluation Not in release Not in release
Show less packages

CVE-2024-43411

Negligible priority
Vulnerable

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over...

4 affected packages

ckeditor, ldap-account-manager, request-tracker4, ckeditor3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ckeditor Not in release Vulnerable Not affected Not affected Not affected
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-43407

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in...

5 affected packages

geshi, ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
geshi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor Not in release Not affected Not affected Not affected Not affected
ckeditor3 Not in release Not affected Not affected Not affected Not affected
ldap-account-manager Not affected Not affected Not affected Not affected Not affected
request-tracker4 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-5651

Medium priority
Not affected

A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A...

1 affected package

fence-agents

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
fence-agents Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-41817

Medium priority
Not affected

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and...

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-40630

Medium priority
Needs evaluation

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature...

1 affected package

openimageio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openimageio Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages