Search CVE reports
1 – 10 of 21510 results
CVE-2024-53920
Medium priorityIn elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to...
5 affected packages
emacs, emacs24, emacs25, xemacs21, xemacs21-packages
Package | 24.04 LTS |
---|---|
emacs | Needs evaluation |
emacs24 | Not in release |
emacs25 | Not in release |
xemacs21 | Needs evaluation |
xemacs21-packages | Needs evaluation |
CVE-2024-53849
Medium priorityeditorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains...
1 affected packages
editorconfig-core
Package | 24.04 LTS |
---|---|
editorconfig-core | Not affected |
CVE-2024-53976
Low priorityUnder certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Ignored |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Not in release |
mozjs91 | Not in release |
thunderbird | Not affected |
CVE-2024-53620
Medium priorityA cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
1 affected packages
spip
Package | 24.04 LTS |
---|---|
spip | Needs evaluation |
CVE-2024-53619
Medium priorityAn authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
1 affected packages
spip
Package | 24.04 LTS |
---|---|
spip | Needs evaluation |
CVE-2024-52337
Medium priorityA log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the...
1 affected packages
tuned
Package | 24.04 LTS |
---|---|
tuned | Needs evaluation |
CVE-2024-52336
Medium priorityA script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute...
1 affected packages
tuned
Package | 24.04 LTS |
---|---|
tuned | Needs evaluation |
CVE-2024-38819
Medium priorityA flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft...
1 affected packages
libspring-java
Package | 24.04 LTS |
---|---|
libspring-java | Needs evaluation |
CVE-2024-11708
Medium priorityMissing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Ignored |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Not in release |
mozjs91 | Not in release |
thunderbird | Not affected |
CVE-2024-11706
Medium priorityA null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Ignored |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Not in release |
mozjs91 | Not in release |
thunderbird | Not affected |