Search CVE reports
1 – 10 of 29 results
CVE-2024-23831
Medium priority
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a...
1 affected packages
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Vulnerable | Vulnerable | Not affected | Not affected |
CVE-2021-3882
Medium priority
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an...
1 affected packages
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Needs evaluation |
CVE-2021-3731
Medium priority
Some fixes available 2 of 11
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.
1 affected packages
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-3694
Medium priority
Some fixes available 2 of 11
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
1 affected packages
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-3693
Medium priority
Some fixes available 2 of 11
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
1 affected packages
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |
CVE-2017-2808
Medium priority
Some fixes available 12 of 17
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An...
1 affected packages
ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2017-2807
Medium priority
Some fixes available 12 of 17
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a...
1 affected packages
ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2017-12482
Medium priority
Some fixes available 12 of 17
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
1 affected packages
ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2017-12481
Medium priority
Some fixes available 12 of 17
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
1 affected packages
ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2009-4402
Medium priority
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |