Search CVE reports
21 – 30 of 95 results
Some fixes available 1 of 3
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
1 affected package
request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker5 | Not affected | Not affected | Fixed | Not in release | Not in release |
Some fixes available 6 of 8
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
2 affected packages
request-tracker4, request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker4 | Not affected | Not affected | Fixed | Fixed | Fixed |
| request-tracker5 | Not affected | Not affected | Fixed | Not in release | Not in release |
Some fixes available 6 of 8
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
2 affected packages
request-tracker4, request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker4 | Not affected | Not affected | Fixed | Fixed | Fixed |
| request-tracker5 | Not affected | Not affected | Fixed | Not in release | Ignored |
Some fixes available 3 of 5
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
1 affected package
tracker-miners
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tracker-miners | — | — | Fixed | Ignored | Ignored |
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
1 affected package
hamster-time-tracker
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hamster-time-tracker | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after...
4 affected packages
ldap-account-manager, request-tracker4, ckeditor, ckeditor3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ckeditor | Not in release | Not affected | Vulnerable | Vulnerable | Vulnerable |
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Ignored | Ignored |
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation...
4 affected packages
ldap-account-manager, request-tracker4, ckeditor3, ckeditor
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ldap-account-manager | — | Not affected | Not affected | Not affected | Not affected |
| request-tracker4 | — | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | — | Not affected | Not affected | Not affected | Not affected |
| ckeditor | — | Not affected | Not affected | Not affected | Not affected |
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ckeditor | Not in release | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript...
4 affected packages
request-tracker4, ckeditor, ckeditor3, ldap-account-manager
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ckeditor | Not in release | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.
1 affected package
milkytracker
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| milkytracker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |