Search CVE reports


1 – 10 of 29 results


CVE-2024-23831

Medium priority
Vulnerable

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a...

1 affected package

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Vulnerable | Vulnerable | Not affected | Not affected |

CVE-2021-3882

Medium priority
Vulnerable

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user into using an unencrypted connection (HTTP), an...

1 affected package

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Needs evaluation |

CVE-2021-3731

Medium priority

Some fixes available 2 of 11

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.

1 affected package

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |

CVE-2021-3694

Medium priority

Some fixes available 2 of 11

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

1 affected package

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |

CVE-2021-3693

Medium priority

Some fixes available 2 of 11

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

1 affected package

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |

CVE-2017-2808

Medium priority

Some fixes available 12 of 17

An exploitable use-after-free vulnerability exists in the account parsing component of Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An...

1 affected package

ledger

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |

CVE-2017-2807

Medium priority

Some fixes available 12 of 17

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a...

1 affected package

ledger

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |

CVE-2017-12482

Medium priority

Some fixes available 12 of 17

The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

1 affected package

ledger

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |

CVE-2017-12481

Medium priority

Some fixes available 12 of 17

The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

1 affected package

ledger

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledger | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |

CVE-2009-4402

Medium priority
Vulnerable

The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.

1 affected package

sql-ledger

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |