Search CVE reports
121 – 130 of 41994 results
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated...
1 affected package
calibre
| Package | 18.04 LTS |
|---|---|
| calibre | Needs evaluation |
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 18.04 LTS |
|---|---|
| ruby2.3 | — |
| ruby2.5 | Vulnerable |
| ruby2.7 | — |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Vulnerable |
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack...
1 affected package
pluxml
| Package | 18.04 LTS |
|---|---|
| pluxml | Needs evaluation |
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor...
1 affected package
pluxml
| Package | 18.04 LTS |
|---|---|
| pluxml | Needs evaluation |
PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the...
1 affected package
pluxml
| Package | 18.04 LTS |
|---|---|
| pluxml | Needs evaluation |
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply...
1 affected package
ruby-foreman
| Package | 18.04 LTS |
|---|---|
| ruby-foreman | Needs evaluation |
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires...
1 affected package
vips
| Package | 18.04 LTS |
|---|---|
| vips | Needs evaluation |
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The...
1 affected package
vips
| Package | 18.04 LTS |
|---|---|
| vips | Needs evaluation |
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to...
1 affected package
vips
| Package | 18.04 LTS |
|---|---|
| vips | Needs evaluation |
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The...
1 affected package
vips
| Package | 18.04 LTS |
|---|---|
| vips | Needs evaluation |