Search CVE reports
11 – 20 of 58 results
CVE-2023-22457
Medium priorityCKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-31175
Medium priorityCKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-25802
Medium prioritySome fixes available 5 of 15
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Vulnerable | Fixed | Fixed | Fixed | Ignored |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2022-24729
Low priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-24728
Medium priorityCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-41165
Medium priorityCKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-41164
Medium priorityCKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-38562
Low prioritySome fixes available 6 of 16
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
2 affected packages
request-tracker4, request-tracker5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Fixed | Fixed | Fixed | Fixed | Ignored |
request-tracker5 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
CVE-2021-37695
Medium prioritySome fixes available 4 of 34
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed...
4 affected packages
ckeditor, ckeditor3, ldap-account-manager, request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ckeditor | Not affected | Not affected | Fixed | Fixed | Fixed |
ckeditor3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
ldap-account-manager | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
request-tracker4 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2017-5944
Medium prioritySome fixes available 1 of 3
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted...
1 affected packages
request-tracker4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
request-tracker4 | Not affected | Not affected | Not affected | Not affected | Vulnerable |