Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 31841 results

Status is adjusted based on your filters.


CVE-2024-53920

Medium priority
Needs evaluation

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to...

5 affected packages

emacs, emacs24, emacs25, xemacs21, xemacs21-packages

Package 18.04 LTS
emacs
emacs24
emacs25 Needs evaluation
xemacs21 Needs evaluation
xemacs21-packages Needs evaluation
Show less packages

CVE-2024-53849

Medium priority
Needs evaluation

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains...

1 affected packages

editorconfig-core

Package 18.04 LTS
editorconfig-core Needs evaluation
Show less packages

CVE-2024-53976

Low priority
Needs evaluation

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 18.04 LTS
firefox
mozjs102
mozjs115
mozjs38 Needs evaluation
mozjs52 Ignored
mozjs68
mozjs78
mozjs91
thunderbird
Show all 9 packages Show less packages

CVE-2024-53620

Medium priority
Needs evaluation

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.

1 affected packages

spip

Package 18.04 LTS
spip Needs evaluation
Show less packages

CVE-2024-53619

Medium priority
Needs evaluation

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.

1 affected packages

spip

Package 18.04 LTS
spip Needs evaluation
Show less packages

CVE-2024-52337

Medium priority
Needs evaluation

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the...

1 affected packages

tuned

Package 18.04 LTS
tuned Needs evaluation
Show less packages

CVE-2024-52336

Medium priority
Needs evaluation

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute...

1 affected packages

tuned

Package 18.04 LTS
tuned Needs evaluation
Show less packages

CVE-2024-38819

Medium priority
Needs evaluation

A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft...

1 affected packages

libspring-java

Package 18.04 LTS
libspring-java Needs evaluation
Show less packages

CVE-2024-11708

Medium priority
Needs evaluation

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 18.04 LTS
firefox
mozjs102
mozjs115
mozjs38 Needs evaluation
mozjs52 Ignored
mozjs68
mozjs78
mozjs91
thunderbird
Show all 9 packages Show less packages

CVE-2024-11706

Medium priority
Needs evaluation

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 18.04 LTS
firefox
mozjs102
mozjs115
mozjs38 Needs evaluation
mozjs52 Ignored
mozjs68
mozjs78
mozjs91
thunderbird
Show all 9 packages Show less packages