
Search CVE reports



11 – 20 of 94 results


CVE-2023-2798

Medium priority
Needs evaluation

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack...

2 affected packages

htmlunit, jenkins-htmlunit-core-js

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| htmlunit | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| jenkins-htmlunit-core-js | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-26923

Medium priority
Needs evaluation

Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code.

1 affected package

musescore

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| musescore | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-0341

Medium priority
Fixed

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6...

1 affected package

editorconfig-core

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| editorconfig-core | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2022-3064

Medium priority

Some fixes available 3 of 26

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release | Ignored |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Ignored |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2021-4235

Medium priority

Some fixes available 3 of 26

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release | Ignored |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Ignored |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2017-20146

Medium priority
Needs evaluation

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

2 affected packages

golang-github-coreos-discovery-etcd-io, golang-github-gorilla-handlers

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| golang-github-gorilla-handlers | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-3697

Medium priority

Some fixes available 3 of 10

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the...

2 affected packages

ansible, ansible-core

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ansible | Not affected | Fixed | Fixed | Fixed | Not affected |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |

CVE-2022-39286

Medium priority
Fixed

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing...

1 affected package

jupyter-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jupyter-core Fixed Fixed Fixed Ignored

CVE-2022-2568

Medium priority
Needs evaluation

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove...

3 affected packages

ansible, ansible-base, ansible-core

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-base | Not in release | Not in release | Not in release | Not in release | Not in release |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |

CVE-2022-29264

Medium priority
Needs evaluation

An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.

1 affected package

coreboot

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| coreboot | Needs evaluation | Not in release | Not in release | Not in release | Ignored |