Search CVE reports


Toggle filters

471 – 480 of 1287 results


CVE-2021-41164

Medium priority
Needs evaluation

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to...

4 affected packages

ldap-account-manager, request-tracker4, ckeditor, ckeditor3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor Not in release Not affected Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-39212

Low priority

Some fixes available 10 of 12

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases,...

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Fixed Fixed Fixed Fixed Not affected
Show less packages

CVE-2021-37695

Medium priority

Some fixes available 4 of 42

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed...

4 affected packages

ldap-account-manager, request-tracker4, ckeditor, ckeditor3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor Not in release Not affected Not affected Fixed Fixed
ckeditor3 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-22234

Medium priority
Needs evaluation

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design...

2 affected packages

gitlab-agent, gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab-agent Needs evaluation Needs evaluation Not in release Not in release
gitlab Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-36083

Low priority
Needs evaluation

KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.

1 affected package

kimageformats

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
kimageformats Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2021-34183

Negligible priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

1 affected package

imagemagick

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
imagemagick Not affected Not affected
Show less packages

CVE-2021-31855

Medium priority
Vulnerable

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload...

2 affected packages

kdepim4, kf5-messagelib

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
kdepim4 Not in release Not in release Not in release Not in release Vulnerable
kf5-messagelib Not in release Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2020-24870

Medium priority
Needs evaluation

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.

8 affected packages

darktable, exactimage, dcraw, rawtherapee, kodi...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Not affected
ufraw Not in release Not in release Not in release Not in release Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 8 packages Show less packages

CVE-2021-31525

Low priority
Needs evaluation

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.15 Not in release Not in release
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-golang-x-net Not affected Not affected Not affected Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Not in release Needs evaluation Needs evaluation
google-guest-agent Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-33194

Medium priority

Some fixes available 2 of 10

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

4 affected packages

golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not affected Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Fixed Not affected
google-guest-agent Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed
Show less packages