Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 59 results


CVE-2022-48110

Medium priority
Ignored

** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Not affected Not affected Not affected Not affected Not affected
ckeditor3 Not affected Not affected Not affected Not affected Ignored
ldap-account-manager Not affected Not affected Not affected Not affected Not affected
request-tracker4 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-22457

Medium priority
Needs evaluation

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-31175

Medium priority
Needs evaluation

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-25802

Medium priority

Some fixes available 5 of 16

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.

2 affected packages

request-tracker4, request-tracker5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker4 Vulnerable Fixed Fixed Fixed Ignored
request-tracker5 Needs evaluation Needs evaluation Not in release Not in release Not in release
Show less packages

CVE-2022-24729

Low priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-24728

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-41165

Medium priority
Needs evaluation

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-41164

Medium priority
Needs evaluation

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-38562

Low priority

Some fixes available 7 of 17

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

2 affected packages

request-tracker4, request-tracker5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
request-tracker4 Fixed Fixed Fixed Fixed Ignored
request-tracker5 Needs evaluation Needs evaluation Not in release Not in release Ignored
Show less packages

CVE-2021-37695

Medium priority

Some fixes available 4 of 37

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Not affected Not affected Fixed Fixed Fixed
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages