Search CVE reports
Some fixes available 3 of 5
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
1 affected package
cobbler
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cobbler | — | — | — | — | — |
Some fixes available 3 of 5
cobbler: Web interface lacks CSRF protection when using Django framework
1 affected package
cobbler
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cobbler | — | — | — | — | — |
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users
1 affected package
mpack
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mpack | — | — | — | — | — |
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
1 affected package
hhvm
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hhvm | Not in release | Not in release | Not in release | Not in release | Not affected |
surf: cookie jar has read access from other local user
1 affected package
surf
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| surf | — | — | — | — | — |
In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
1 affected package
shiro
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| shiro | — | Ignored | Ignored | Ignored | Ignored |
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
1 affected package
tboot
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tboot | — | — | — | — | Not affected |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
1 affected package
jenkins
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jenkins | — | — | — | — | — |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.
1 affected package
jenkins
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jenkins | — | — | — | — | — |
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file...
1 affected package
lucene-solr
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lucene-solr | — | — | — | — | Not affected |