Search CVE reports
11 – 20 of 20 results
CVE-2019-7313
Medium priority
Some fixes available 12 of 14
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
buildbot | Fixed | Fixed | Fixed | Vulnerable | Not affected |
CVE-2015-5330
Medium priority
Some fixes available 14 of 15
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap...
3 affected packages
ldb, samba, samba4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | — | — | — | — | Fixed |
samba | — | — | — | — | Fixed |
samba4 | — | — | — | — | Not in release |
CVE-2015-3223
Medium priority
Some fixes available 13 of 14
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows...
3 affected packages
ldb, samba, samba4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | — | — | — | — | Fixed |
samba | — | — | — | — | Fixed |
samba4 | — | — | — | — | Not in release |
CVE-2009-2967
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
buildbot | — | — | — | — | — |
CVE-2009-2959
Medium priority
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1 affected package
buildbot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
buildbot | — | — | — | — | — |
CVE-2008-0320
Medium priority
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb | — | — | — | — | — |
openoffice.org | — | — | — | — | — |
openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-5747
Medium priority
Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb | — | — | — | — | — |
openoffice.org | — | — | — | — | — |
openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-5746
Medium priority
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb | — | — | — | — | — |
openoffice.org | — | — | — | — | — |
openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-5745
Medium priority
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2)...
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb | — | — | — | — | — |
openoffice.org | — | — | — | — | — |
openoffice.org-amd64 | — | — | — | — | — |
CVE-2007-4575
Medium priority
Some fixes available 7 of 9
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
3 affected packages
hsqldb, openoffice.org, openoffice.org-amd64
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hsqldb | — | — | — | — | — |
openoffice.org | — | — | — | — | — |
openoffice.org-amd64 | — | — | — | — | — |