
Search CVE reports



1 – 5 of 5 results


CVE-2024-23831

Medium priority
Vulnerable

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a...

1 affected packages

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Vulnerable | Vulnerable | Not affected | Not affected |

CVE-2021-3882

Medium priority
Vulnerable

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an...

1 affected packages

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Needs evaluation |

CVE-2021-3731

Medium priority

Some fixes available 2 of 11

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.

1 affected packages

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |

CVE-2021-3694

Medium priority

Some fixes available 2 of 11

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

1 affected packages

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |

CVE-2021-3693

Medium priority

Some fixes available 2 of 11

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

1 affected packages

ledgersmb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |