Search CVE reports

11 – 20 of 1754 results

Detailed view

Sort by:

CVE-2022-29577

Medium priority

Needs evaluation

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because...

1 affected packages

libowasp-antisamy-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libowasp-antisamy-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-28367

Medium priority

Needs evaluation

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

1 affected packages

libowasp-antisamy-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libowasp-antisamy-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-28366

Medium priority

Needs evaluation

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed...

1 affected packages

libowasp-antisamy-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libowasp-antisamy-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2011-4917

Low priority

Ignored

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

18 affected packages

linux, linux-armadaxp, linux-ec2, linux-flo, linux-fsl-imx51...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
linux	—	—	—	—	—
linux-armadaxp	—	—	—	—	—
linux-ec2	—	—	—	—	—
linux-flo	—	—	—	—	—
linux-fsl-imx51	—	—	—	—	—
linux-goldfish	—	—	—	—	—
linux-grouper	—	—	—	—	—
linux-lts-backport-maverick	—	—	—	—	—
linux-lts-backport-natty	—	—	—	—	—
linux-lts-backport-oneiric	—	—	—	—	—
linux-lts-quantal	—	—	—	—	—
linux-lts-raring	—	—	—	—	—
linux-lts-saucy	—	—	—	—	—
linux-maguro	—	—	—	—	—
linux-mako	—	—	—	—	—
linux-manta	—	—	—	—	—
linux-mvl-dove	—	—	—	—	—
linux-ti-omap4	—	—	—	—	—

CVE-2022-1231

Medium priority

Needs evaluation

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account...

1 affected packages

plantuml

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
plantuml	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25299

Medium priority

Needs evaluation

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.

1 affected packages

phantomjs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
phantomjs	—	—	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ardour	Not affected	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
enigma	Not affected	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
openscenegraph	Not affected	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ufoai	Not affected	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
wesnoth	—	—	—	—	Ignored
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2021-35043

Medium priority

Needs evaluation

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

1 affected packages

libowasp-antisamy-java

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libowasp-antisamy-java	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-36374

Low priority

Needs evaluation

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt...

1 affected packages

ant

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ant	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-36373

Low priority

Needs evaluation

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache...

1 affected packages

ant

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ant	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page: