Search CVE reports
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ckeditor | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
2 affected packages
tracker-miners, localsearch
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tracker-miners | — | Fixed | Fixed | Not affected | Not affected |
| localsearch | — | Not in release | Not in release | — | — |
Some fixes available 3 of 5
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)]
2 affected packages
localsearch, tracker-miners
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| localsearch | Not affected | Not in release | Not in release | — | — |
| tracker-miners | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
Some fixes available 3 of 5
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)]
2 affected packages
localsearch, tracker-miners
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| localsearch | Not affected | Not in release | Not in release | — | — |
| tracker-miners | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
Some fixes available 3 of 5
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
2 affected packages
localsearch, tracker-miners
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| localsearch | Not affected | Not in release | Not in release | — | — |
| tracker-miners | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
2 affected packages
request-tracker4, request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ckeditor | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The Request Tracker software is vulnerable to a stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically...
1 affected package
request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
Some fixes available 3 of 4
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
1 affected package
request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker5 | Not affected | Fixed | Fixed | Not in release | — |
Some fixes available 3 of 4
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
1 affected package
request-tracker5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| request-tracker5 | Not affected | Fixed | Fixed | Not in release | — |