
Search CVE reports



31 – 40 of 428 results


CVE-2023-30801

Medium priority
Needs evaluation

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A...

1 affected package

qbittorrent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qbittorrent Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-28370

Medium priority

Some fixes available 2 of 11

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

2 affected packages

python-tornado, salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-tornado Not affected Needs evaluation Needs evaluation Needs evaluation Fixed
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation

CVE-2023-2088

Medium priority

Some fixes available 10 of 30

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...

5 affected packages

cinder, ironic, nova, python-glance-store, python-os-brick

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder Fixed Ignored Ignored Ignored
ironic Fixed Ignored Ignored Ignored
nova Fixed Ignored Ignored Ignored
python-glance-store Fixed Ignored Ignored Ignored
python-os-brick Fixed Ignored Ignored Ignored

CVE-2023-21971

Medium priority
Needs evaluation

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...

1 affected package

mysql-connector-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mysql-connector-java Not in release Not in release Not in release Needs evaluation Needs evaluation

CVE-2023-28439

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-48110

Medium priority
Ignored

** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Not affected Not affected Not affected Not affected Not affected
ckeditor3 Not affected Not affected Not affected Not affected Ignored
ldap-account-manager Not affected Not affected Not affected Not affected Not affected
request-tracker4 Not affected Not affected Not affected Not affected Not affected

CVE-2023-0341

Medium priority
Fixed

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6...

1 affected package

editorconfig-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
editorconfig-core Not affected Fixed Fixed Fixed Fixed

CVE-2023-23589

Medium priority
Needs evaluation

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

1 affected package

tor

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tor Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-22457

Medium priority
Needs evaluation

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-45907

Medium priority
Needs evaluation

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release Not in release Ignored