Search CVE reports



1 – 10 of 1735 results


CVE-2024-13939

Medium priority
Needs evaluation

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: “If the lengths of the strings are different,...

1 affected package

libstring-compare-constanttime-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libstring-compare-constanttime-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-54662

Medium priority
Vulnerable

Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.

1 affected package

dante

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| dante | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not affected |

CVE-2024-6388

Medium priority

Some fixes available 5 of 6

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

1 affected package

ubuntu-advantage-desktop-daemon

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ubuntu-advantage-desktop-daemon | Fixed | Fixed | Fixed | Fixed | Fixed |

CVE-2024-3772

Medium priority

Some fixes available 2 of 3

Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

1 affected package

pydantic

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pydantic Not affected Fixed Fixed

CVE-2024-23635

Medium priority
Needs evaluation

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML...

1 affected package

libowasp-antisamy-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-43643

Medium priority
Needs evaluation

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of...

1 affected package

libowasp-antisamy-java

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libowasp-antisamy-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-3432

Medium priority
Ignored

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

1 affected package

plantuml

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| plantuml | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2023-3431

Medium priority
Ignored

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.

1 affected package

plantuml

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| plantuml | Ignored | Ignored | Not affected | Not affected | Not affected |

CVE-2022-4515

Medium priority
Fixed

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary...

1 affected package

exuberant-ctags

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exuberant-ctags Fixed Fixed Fixed Fixed

CVE-2022-42717

Medium priority
Needs evaluation

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host...

1 affected package

vagrant

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| vagrant | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |