Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 424 results


CVE-2024-45613

Medium priority
Needs evaluation

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-8796

Medium priority
Needs evaluation

Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to...

1 affected packages

ruby-devise-two-factor

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-devise-two-factor Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45239

Medium priority
Needs evaluation

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the...

1 affected packages

fort-validator

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fort-validator Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45238

Medium priority
Needs evaluation

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a...

1 affected packages

fort-validator

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fort-validator Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45237

Medium priority
Needs evaluation

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two...

1 affected packages

fort-validator

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fort-validator Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45236

Medium priority
Needs evaluation

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses...

1 affected packages

fort-validator

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fort-validator Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45235

Medium priority
Needs evaluation

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks...

1 affected packages

fort-validator

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fort-validator Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45234

Medium priority
Needs evaluation

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...

1 affected packages

fort-validator

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fort-validator Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-43791

Medium priority
Needs evaluation

RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This...

1 affected packages

ruby-request-store

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-request-store Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-43411

Negligible priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages