Search CVE reports
1 – 10 of 25737 results
CVE-2024-9427
Medium priority
Not in release
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a...
1 affected package
koji
Package | 22.04 LTS |
---|---|
koji | Not in release |
CVE-2024-56378
Medium priority
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
1 affected package
poppler
Package | 22.04 LTS |
---|---|
poppler | Needs evaluation |
CVE-2024-56375
Medium priority
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList....
1 affected package
fort-validator
Package | 22.04 LTS |
---|---|
fort-validator | Needs evaluation |
CVE-2024-56337
Medium priority
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
Package | 22.04 LTS |
---|---|
tomcat10 | Not in release |
tomcat6 | Not in release |
tomcat7 | Not in release |
tomcat8 | Not in release |
tomcat9 | Needs evaluation |
CVE-2024-56326
Medium priority
Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code....
1 affected package
jinja2
Package | 22.04 LTS |
---|---|
jinja2 | Needs evaluation |
CVE-2024-56201
Medium priority
Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox...
1 affected package
jinja2
Package | 22.04 LTS |
---|---|
jinja2 | Needs evaluation |
CVE-2024-47515
Medium priority
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.
1 affected package
pagure
Package | 22.04 LTS |
---|---|
pagure | Needs evaluation |
CVE-2024-40896
Medium priority
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This...
1 affected package
libxml2
Package | 22.04 LTS |
---|---|
libxml2 | Not affected |
CVE-2024-12678
Medium priority
Not in release
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad...
1 affected package
nomad
Package | 22.04 LTS |
---|---|
nomad | Not in release |
CVE-2024-9102
Low priority
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could...
1 affected package
phpldapadmin
Package | 22.04 LTS |
---|---|
phpldapadmin | Needs evaluation |