Search CVE reports
431 – 440 of 31781 results
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
2 affected packages
request-tracker4, request-tracker5
| Package | 24.04 LTS |
|---|---|
| request-tracker4 | Needs evaluation |
| request-tracker5 | Needs evaluation |
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.
1 affected package
vlc
| Package | 24.04 LTS |
|---|---|
| vlc | Needs evaluation |
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
1 affected package
slurm-wlm
| Package | 24.04 LTS |
|---|---|
| slurm-wlm | Vulnerable |
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
1 affected package
lemonldap-ng
| Package | 24.04 LTS |
|---|---|
| lemonldap-ng | Needs evaluation |
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being...
1 affected package
dask.distributed
| Package | 24.04 LTS |
|---|---|
| dask.distributed | Needs evaluation |
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this...
1 affected package
glib2.0
| Package | 24.04 LTS |
|---|---|
| glib2.0 | Fixed |
Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can...
1 affected package
plantuml
| Package | 24.04 LTS |
|---|---|
| plantuml | Needs evaluation |
[crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain]
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Not in release |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Not in release |
| golang-1.18 | Not in release |
| golang-1.20 | Not in release |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
1 affected package
amd64-microcode
| Package | 24.04 LTS |
|---|---|
| amd64-microcode | Vulnerable |
Not in release
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with...
1 affected package
dolibarr
| Package | 24.04 LTS |
|---|---|
| dolibarr | Not in release |