Search CVE reports



1 – 10 of 25737 results

Status is adjusted based on your filters.


CVE-2024-9427

Medium priority
Not in release

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a...

1 affected package

koji

Package 22.04 LTS
koji Not in release

CVE-2024-56378

Medium priority
Needs evaluation

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

1 affected package

poppler

Package 22.04 LTS
poppler Needs evaluation

CVE-2024-56375

Medium priority
Needs evaluation

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList....

1 affected package

fort-validator

Package 22.04 LTS
fort-validator Needs evaluation

CVE-2024-56337

Medium priority
Needs evaluation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 22.04 LTS
tomcat10 Not in release
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation

CVE-2024-56326

Medium priority
Needs evaluation

Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code....

1 affected package

jinja2

Package 22.04 LTS
jinja2 Needs evaluation

CVE-2024-56201

Medium priority
Needs evaluation

Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox...

1 affected package

jinja2

Package 22.04 LTS
jinja2 Needs evaluation

CVE-2024-47515

Medium priority
Needs evaluation

A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.

1 affected package

pagure

Package 22.04 LTS
pagure Needs evaluation

CVE-2024-40896

Medium priority
Not affected

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This...

1 affected package

libxml2

Package 22.04 LTS
libxml2 Not affected

CVE-2024-12678

Medium priority
Not in release

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad...

1 affected package

nomad

Package 22.04 LTS
nomad Not in release

CVE-2024-9102

Low priority
Needs evaluation

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could...

1 affected package

phpldapadmin

Package 22.04 LTS
phpldapadmin Needs evaluation