Search CVE reports
1 – 10 of 424 results
CVE-2024-45613
Medium priorityCKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-8796
Medium priorityUnder the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to...
1 affected packages
ruby-devise-two-factor
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-devise-two-factor | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
CVE-2024-45239
Medium priorityAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the...
1 affected packages
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fort-validator | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-45238
Medium priorityAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a...
1 affected packages
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fort-validator | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-45237
Medium priorityAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two...
1 affected packages
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fort-validator | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-45236
Medium priorityAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses...
1 affected packages
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fort-validator | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-45235
Medium priorityAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks...
1 affected packages
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fort-validator | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-45234
Medium priorityAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...
1 affected packages
fort-validator
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
fort-validator | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-43791
Medium priorityRequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This...
1 affected packages
ruby-request-store
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-request-store | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-43411
Negligible priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |