Search CVE reports
81 – 90 of 501 results
Some fixes available 3 of 4
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...
1 affected package
fort-validator
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| fort-validator | Not affected | Fixed | Fixed | Fixed | — |
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This...
1 affected package
ruby-request-store
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby-request-store | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over...
4 affected packages
ckeditor3, ldap-account-manager, request-tracker4, ckeditor
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ckeditor3 | Not in release | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ckeditor | Not in release | Vulnerable | Not affected | Not affected | Not affected |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in...
5 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4, geshi
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ckeditor | Not in release | Not affected | Not affected | Not affected | Not affected |
| ckeditor3 | Not in release | Not affected | Not affected | Not affected | Not affected |
| ldap-account-manager | Not affected | Not affected | Not affected | Not affected | Not affected |
| request-tracker4 | Not affected | Not affected | Not affected | Not affected | Not affected |
| geshi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not...
1 affected package
pytorch
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pytorch | — | Not in release | Not affected | Not in release | — |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network...
1 affected package
mysql-connector-python
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mysql-connector-python | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
1 affected package
pytorch
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pytorch | — | Not in release | Not affected | Not in release | — |
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
1 affected package
pytorch
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pytorch | Needs evaluation | Not in release | Needs evaluation | Not in release | — |
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
1 affected package
pytorch
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pytorch | Needs evaluation | Not in release | Needs evaluation | Not in release | — |
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
1 affected package
pytorch
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pytorch | Needs evaluation | Not in release | Needs evaluation | Not in release | — |