Search CVE reports
1 – 10 of 30 results
CVE-2024-45613
Medium priorityCKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-43411
Negligible priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-43407
Medium priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-23333
Medium priorityLDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by...
1 affected packages
ldap-account-manager
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-24816
Medium priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature....
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-24815
Medium priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-4771
Medium priorityA Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-28439
Medium priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-27560
Medium priorityMath/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
3 affected packages
ldap-account-manager, php-phpseclib, php-phpseclib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
php-phpseclib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
php-phpseclib3 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
CVE-2022-48110
Medium priority** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Not affected | Not affected | Not affected | Not affected | Not affected |
ckeditor3 | Not affected | Not affected | Not affected | Not affected | Ignored |
ldap-account-manager | Not affected | Not affected | Not affected | Not affected | Not affected |
request-tracker4 | Not affected | Not affected | Not affected | Not affected | Not affected |