Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 1733 results


CVE-2024-6388

Medium priority

Some fixes available 5 of 6

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.

1 affected packages

ubuntu-advantage-desktop-daemon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ubuntu-advantage-desktop-daemon Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-3772

Medium priority

Some fixes available 2 of 3

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

1 affected packages

pydantic

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pydantic Not affected Fixed Fixed
Show less packages

CVE-2024-23635

Medium priority
Needs evaluation

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML...

1 affected packages

libowasp-antisamy-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libowasp-antisamy-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-43643

Medium priority
Needs evaluation

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of...

1 affected packages

libowasp-antisamy-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libowasp-antisamy-java Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-3432

Medium priority
Vulnerable

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

1 affected packages

plantuml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
plantuml Needs evaluation Vulnerable Not affected Not affected Not affected
Show less packages

CVE-2023-3431

Medium priority
Vulnerable

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.

1 affected packages

plantuml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
plantuml Needs evaluation Vulnerable Not affected Not affected Not affected
Show less packages

CVE-2022-4515

Medium priority
Fixed

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary...

1 affected packages

exuberant-ctags

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exuberant-ctags Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-42717

Medium priority
Needs evaluation

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host...

1 affected packages

vagrant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
vagrant Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2011-4916

Low priority
Ignored

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

18 affected packages

linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
linux
linux-armadaxp
linux-ec2
linux-flo
linux-fsl-imx51
linux-goldfish
linux-grouper
linux-lts-backport-maverick
linux-lts-backport-natty
linux-lts-backport-oneiric
linux-lts-quantal
linux-lts-raring
linux-lts-saucy
linux-maguro
linux-mako
linux-manta
linux-mvl-dove
linux-ti-omap4
Show all 18 packages Show less packages

CVE-2022-1379

Medium priority
Needs evaluation

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery...

1 affected packages

plantuml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
plantuml Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages