Search CVE reports
111 – 120 of 490 results
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it...
2 affected packages
kate, ktexteditor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kate | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ktexteditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...
1 affected package
mysql-connector-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mysql-connector-java | — | — | — | Needs evaluation |
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to...
4 affected packages
ckeditor3, ldap-account-manager, request-tracker4, ckeditor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ckeditor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache...
2 affected packages
cfrpki, fort-validator
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cfrpki | Not in release | Not affected | — | — |
| fort-validator | Not affected | Not affected | Vulnerable | — |
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions...
2 affected packages
cfrpki, routinator
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cfrpki | — | Not affected | — | — |
| routinator | — | — | — | — |
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall...
4 affected packages
cfrpki, fort-validator, routinator, rpki-client
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cfrpki | Not in release | Not affected | — | — |
| fort-validator | Not affected | Not affected | Vulnerable | — |
| routinator | — | — | — | — |
| rpki-client | Not affected | Not affected | — | — |
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By...
3 affected packages
cfrpki, fort-validator, rpki-client
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cfrpki | Not in release | Needs evaluation | — | — |
| fort-validator | Not affected | Not affected | Not affected | — |
| rpki-client | Not affected | Not affected | — | — |
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
1 affected package
fort-validator
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| fort-validator | Not affected | Not affected | Not affected | — |
validator.js is vulnerable to Inefficient Regular Expression Complexity
1 affected package
validator.js
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| validator.js | — | — | — | Needs evaluation |