Search CVE reports
1211 – 1220 of 1755 results
Some fixes available 29 of 43
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value...
7 affected packages
vnc4, xorg-server-lts-raring, xorg-server-lts-utopic, xorg-server, xorg-server-lts-quantal...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vnc4 | Not in release | Not in release | Not in release | Vulnerable |
| xorg-server-lts-raring | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-utopic | Not in release | Not in release | Not in release | Not in release |
| xorg-server | Fixed | Fixed | Fixed | Fixed |
| xorg-server-lts-quantal | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-saucy | Not in release | Not in release | Not in release | Not in release |
| xorg-server-lts-trusty | Not in release | Not in release | Not in release | Not in release |
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/"...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | — | — |
Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape...
30 affected packages
linux, linux-armadaxp, linux-aws, linux-ec2, linux-flo...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux | — | — | — | — |
| linux-armadaxp | — | — | — | — |
| linux-aws | — | — | — | — |
| linux-ec2 | — | — | — | — |
| linux-flo | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — |
| linux-gke | — | — | — | — |
| linux-goldfish | — | — | — | — |
| linux-grouper | — | — | — | — |
| linux-hwe | — | — | — | — |
| linux-hwe-edge | — | — | — | — |
| linux-linaro-omap | — | — | — | — |
| linux-linaro-shared | — | — | — | — |
| linux-linaro-vexpress | — | — | — | — |
| linux-lts-quantal | — | — | — | — |
| linux-lts-raring | — | — | — | — |
| linux-lts-saucy | — | — | — | — |
| linux-lts-trusty | — | — | — | — |
| linux-lts-utopic | — | — | — | — |
| linux-lts-vivid | — | — | — | — |
| linux-lts-wily | — | — | — | — |
| linux-lts-xenial | — | — | — | — |
| linux-maguro | — | — | — | — |
| linux-mako | — | — | — | — |
| linux-manta | — | — | — | — |
| linux-mvl-dove | — | — | — | — |
| linux-qcm-msm | — | — | — | — |
| linux-raspi2 | — | — | — | — |
| linux-snapdragon | — | — | — | — |
| linux-ti-omap4 | — | — | — | — |
Some fixes available 4 of 15
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a...
23 affected packages
linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51, linux-goldfish...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux-armadaxp | — | — | — | — |
| linux-ec2 | — | — | — | — |
| linux-flo | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — |
| linux-goldfish | — | — | — | — |
| linux-grouper | — | — | — | — |
| linux-linaro-omap | — | — | — | — |
| linux-linaro-shared | — | — | — | — |
| linux-linaro-vexpress | — | — | — | — |
| linux-lts-quantal | — | — | — | — |
| linux-lts-raring | — | — | — | — |
| linux-lts-saucy | — | — | — | — |
| linux-lts-trusty | — | — | — | — |
| linux-lts-utopic | — | — | — | — |
| linux-lts-vivid | — | — | — | — |
| linux-maguro | — | — | — | — |
| linux-mako | — | — | — | — |
| linux-manta | — | — | — | — |
| linux-mvl-dove | — | — | — | — |
| linux-qcm-msm | — | — | — | — |
| linux-raspi2 | — | — | — | — |
| linux-ti-omap4 | — | — | — | — |
| linux | — | — | — | — |
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | — | — |
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | — | — |
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | — | — |
Some fixes available 7 of 36
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS...
30 affected packages
linux-flo, linux, linux-armadaxp, linux-aws, linux-ec2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| linux-flo | — | — | — | — |
| linux | — | — | — | — |
| linux-armadaxp | — | — | — | — |
| linux-aws | — | — | — | — |
| linux-ec2 | — | — | — | — |
| linux-fsl-imx51 | — | — | — | — |
| linux-gke | — | — | — | — |
| linux-goldfish | — | — | — | — |
| linux-grouper | — | — | — | — |
| linux-hwe | — | — | — | — |
| linux-hwe-edge | — | — | — | — |
| linux-linaro-omap | — | — | — | — |
| linux-linaro-shared | — | — | — | — |
| linux-linaro-vexpress | — | — | — | — |
| linux-lts-quantal | — | — | — | — |
| linux-lts-raring | — | — | — | — |
| linux-lts-saucy | — | — | — | — |
| linux-lts-trusty | — | — | — | — |
| linux-lts-utopic | — | — | — | — |
| linux-lts-vivid | — | — | — | — |
| linux-lts-wily | — | — | — | — |
| linux-lts-xenial | — | — | — | — |
| linux-maguro | — | — | — | — |
| linux-mako | — | — | — | — |
| linux-manta | — | — | — | — |
| linux-mvl-dove | — | — | — | — |
| linux-qcm-msm | — | — | — | — |
| linux-raspi2 | — | — | — | — |
| linux-snapdragon | — | — | — | — |
| linux-ti-omap4 | — | — | — | — |
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | — | — |
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to...
1 affected package
mantis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mantis | — | — | — | — |