Search CVE reports
1 – 10 of 4202 results
CVE-2024-8312
Medium priorityAn issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.
1 affected packages
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gitlab | Not in release | Not in release | Not in release | — | Ignored |
CVE-2024-6826
Medium priorityAn issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.
1 affected packages
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gitlab | Not in release | Not in release | Not in release | — | Ignored |
CVE-2024-49760
Medium priorityOpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`....
1 affected packages
openrefine
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openrefine | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-48426
Medium priorityA segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
4 affected packages
assimp, qt6-3d, qt6-quick3d, spring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| assimp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| qt6-quick3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| spring | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-48425
Medium priorityA segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at...
4 affected packages
assimp, qt6-3d, qt6-quick3d, spring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| assimp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| qt6-quick3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| spring | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-48424
Medium priorityA heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
4 affected packages
assimp, qt6-3d, qt6-quick3d, spring
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| assimp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| qt6-quick3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| spring | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-48423
Medium priorityAn issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
3 affected packages
assimp, qt6-3d, qt6-quick3d
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| assimp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-3d | Needs evaluation | Needs evaluation | Not in release | — | — |
| qt6-quick3d | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-48208
Medium prioritypure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
1 affected packages
pure-ftpd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pure-ftpd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-47883
Medium priorityThe OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or...
1 affected packages
openrefine-butterfly
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openrefine-butterfly | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-47882
Medium priorityOpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML...
1 affected packages
openrefine
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openrefine | Needs evaluation | Needs evaluation | Not in release | — | — |