Search CVE reports
Some fixes available 12 of 15
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can log in...
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
buildbot | Fixed | Fixed | Fixed | Vulnerable |
Some fixes available 14 of 15
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap...
3 affected packages
ldb, samba, samba4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ldb | — | — | — | — |
samba | — | — | — | — |
samba4 | — | — | — | — |
Some fixes available 13 of 14
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows...
3 affected packages
ldb, samba, samba4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ldb | — | — | — | — |
samba | — | — | — | — |
samba4 | — | — | — | — |
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
buildbot | — | — | — | — |
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
buildbot | — | — | — | — |
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hsqldb | — | — | — | — |
openoffice.org | — | — | — | — |
openoffice.org-amd64 | — | — | — | — |
Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hsqldb | — | — | — | — |
openoffice.org | — | — | — | — |
openoffice.org-amd64 | — | — | — | — |
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hsqldb | — | — | — | — |
openoffice.org | — | — | — | — |
openoffice.org-amd64 | — | — | — | — |
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2)...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hsqldb | — | — | — | — |
openoffice.org | — | — | — | — |
openoffice.org-amd64 | — | — | — | — |
Some fixes available 7 of 9
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hsqldb | — | — | — | — |
openoffice.org | — | — | — | — |
openoffice.org-amd64 | — | — | — | — |