Search CVE reports
11 – 20 of 20 results
CVE-2019-7313
Medium prioritySome fixes available 11 of 13
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
1 affected packages
buildbot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| buildbot | Fixed | Fixed | Fixed | Vulnerable | Not affected |
CVE-2015-5330
Medium prioritySome fixes available 14 of 15
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap...
3 affected packages
ldb, samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ldb | — | — | — | — | Fixed |
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2015-3223
Medium prioritySome fixes available 13 of 14
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows...
3 affected packages
ldb, samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ldb | — | — | — | — | Fixed |
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2009-2967
Medium priorityMultiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
1 affected packages
buildbot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| buildbot | — | — | — | — | — |
CVE-2009-2959
Medium priorityCross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1 affected packages
buildbot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| buildbot | — | — | — | — | — |
CVE-2008-0320
Medium priorityHeap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hsqldb | — | — | — | — | — |
| openoffice.org | — | — | — | — | — |
| openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-5747
Medium priorityInteger underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hsqldb | — | — | — | — | — |
| openoffice.org | — | — | — | — | — |
| openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-5746
Medium priorityInteger overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hsqldb | — | — | — | — | — |
| openoffice.org | — | — | — | — | — |
| openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-5745
Medium priorityMultiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2)...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hsqldb | — | — | — | — | — |
| openoffice.org | — | — | — | — | — |
| openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-4575
Medium prioritySome fixes available 7 of 9
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hsqldb | — | — | — | — | — |
| openoffice.org | — | — | — | — | — |
| openoffice.org-amd64 | — | — | — | — | — |