Search CVE reports
1 – 5 of 5 results
CVE-2024-27285
Medium priorityYARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment...
1 affected package
yard
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| yard | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2019-1020001
Medium prioritySome fixes available 1 of 3
yard before 0.9.20 allows path traversal.
1 affected package
yard
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| yard | Not affected | Not affected | Not affected | Fixed | Not affected |
CVE-2017-17042
Medium prioritySome fixes available 1 of 3
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
1 affected package
yard
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| yard | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2013-4147
Medium priorityMultiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a...
1 affected package
yardradius
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| yardradius | — | — | — | Not in release | Not in release |
CVE-2004-0987
Unknown priorityBuffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.
1 affected package
yardradius
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| yardradius | — | — | — | — | — |