
Search CVE reports



1 – 5 of 5 results


CVE-2022-25299

Medium priority
Needs evaluation

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.

1 affected package

phantomjs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
phantomjs Needs evaluation Needs evaluation Needs evaluation

CVE-2020-7739

Medium priority
Needs evaluation

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.

1 affected package

phantomjs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2015-9541

Low priority
Vulnerable

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

5 affected packages

phantomjs, pyside, pyside2, qt4-x11, qtbase-opensource-src

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| pyside | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| pyside2 | Vulnerable | Vulnerable | Vulnerable | Not in release | Needs evaluation |
| qt4-x11 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| qtbase-opensource-src | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2019-17221

Medium priority
Vulnerable

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and...

1 affected package

phantomjs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |

CVE-2013-4549

Medium priority

Some fixes available 29 of 39

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

3 affected packages

phantomjs, qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
phantomjs Not affected Not affected
qt4-x11 Fixed Fixed
qtbase-opensource-src Fixed Fixed