Search CVE reports
371 – 380 of 1279 results
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic...
2 affected packages
gitlab-agent, gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab-agent | Needs evaluation | Needs evaluation | Not in release | Not in release | — |
| gitlab | Not in release | Not in release | Not in release | Not in release | — |
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An...
1 affected package
openimageio
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openimageio | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious...
1 affected package
openimageio
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openimageio | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a...
1 affected package
openimageio
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openimageio | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation...
1 affected package
imagemagick
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| imagemagick | Fixed | Fixed | Fixed | Fixed | Not affected |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after...
4 affected packages
ldap-account-manager, request-tracker4, ckeditor, ckeditor3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor | Not in release | Not affected | Vulnerable | Vulnerable | Vulnerable |
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 33
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
7 affected packages
xemacs21, xemacs21-packages, emacs, emacs23, emacs24...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emacs | Not affected | Not affected | Fixed | Fixed | Not in release |
| emacs23 | — | — | Not in release | Not in release | Not in release |
| emacs24 | — | — | Not in release | Not in release | Not in release |
| emacs25 | — | — | Not in release | Not in release | Fixed |
| org-mode | Not affected | Not affected | Fixed | Not affected | Not affected |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
6 affected packages
xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emacs | Not affected | Not affected | Not affected | Not affected | Not in release |
| emacs23 | — | — | Not in release | Not in release | Not in release |
| emacs24 | — | — | Not in release | Not in release | Not in release |
| emacs25 | — | — | Not in release | Not in release | Not affected |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
6 affected packages
xemacs21, xemacs21-packages, emacs, emacs23, emacs24, emacs25
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xemacs21 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xemacs21-packages | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emacs | Not affected | Not affected | Not affected | Not affected | Not in release |
| emacs23 | — | — | Not in release | Not in release | Not in release |
| emacs24 | — | — | Not in release | Not in release | Not in release |
| emacs25 | — | — | Not in release | Not in release | Not affected |
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
3 affected packages
ldap-account-manager, php-phpseclib, php-phpseclib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| php-phpseclib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| php-phpseclib3 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |