Search CVE reports
111 – 120 of 28153 results
CVE-2024-13723
Medium priorityNot in release
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the...
2 affected packages
check-mk, nagvis
| Package | 20.04 LTS |
|---|---|
| check-mk | Not in release |
| nagvis | Not in release |
CVE-2024-13722
Medium priorityNot in release
The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be...
2 affected packages
check-mk, nagvis
| Package | 20.04 LTS |
|---|---|
| check-mk | Not in release |
| nagvis | Not in release |
CVE-2025-0509
Medium priorityA security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
11 affected packages
openjdk-13, openjdk-16, openjdk-17, openjdk-18, openjdk-19...
| Package | 20.04 LTS |
|---|---|
| openjdk-13 | Ignored |
| openjdk-16 | Ignored |
| openjdk-17 | Not affected |
| openjdk-18 | Not in release |
| openjdk-19 | Not in release |
| openjdk-21 | Not affected |
| openjdk-22 | Not in release |
| openjdk-23 | Not in release |
| openjdk-8 | Not affected |
| openjdk-9 | Not in release |
| openjdk-lts | Not affected |
CVE-2025-0825
Medium priorityNot in release
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting,...
1 affected package
cpp-httplib
| Package | 20.04 LTS |
|---|---|
| cpp-httplib | Not in release |
CVE-2025-1020
Medium prioritySome fixes available 1 of 4
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 20.04 LTS |
|---|---|
| firefox | Fixed |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
| mozjs38 | Not in release |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Vulnerable |
CVE-2025-1019
Medium prioritySome fixes available 1 of 4
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 20.04 LTS |
|---|---|
| firefox | Fixed |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
| mozjs38 | Not in release |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Vulnerable |
CVE-2025-1018
Medium prioritySome fixes available 1 of 4
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 20.04 LTS |
|---|---|
| firefox | Fixed |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
| mozjs38 | Not in release |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| thunderbird | Vulnerable |
CVE-2025-1015
Medium priorityThe Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the...
1 affected package
thunderbird
| Package | 20.04 LTS |
|---|---|
| thunderbird | Needs evaluation |
CVE-2025-0510
Medium priorityThunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
1 affected package
thunderbird
| Package | 20.04 LTS |
|---|---|
| thunderbird | Needs evaluation |
CVE-2025-24959
Medium priorityNot in release
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior...
1 affected package
node-zx
| Package | 20.04 LTS |
|---|---|
| node-zx | Not in release |