Search CVE reports
41 – 50 of 37219 results
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path...
1 affected package
erlang
| Package | 20.04 LTS |
|---|---|
| erlang | Needs evaluation |
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this...
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit...
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this...
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this...
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit...
1 affected package
gimp
| Package | 20.04 LTS |
|---|---|
| gimp | Needs evaluation |
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition...
1 affected package
spip
| Package | 20.04 LTS |
|---|---|
| spip | Needs evaluation |
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML...
1 affected package
spip
| Package | 20.04 LTS |
|---|---|
| spip | Needs evaluation |
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set...
1 affected package
spip
| Package | 20.04 LTS |
|---|---|
| spip | Needs evaluation |
SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing...
1 affected package
spip
| Package | 20.04 LTS |
|---|---|
| spip | Needs evaluation |