Search CVE reports
1 – 10 of 22092 results
CVE-2025-22376
Medium priority
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
1 affected package
libnet-oauth-perl
Package | 24.04 LTS |
---|---|
libnet-oauth-perl | Needs evaluation |
CVE-2024-9264
Medium priority
Not in release
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection...
1 affected package
grafana
Package | 24.04 LTS |
---|---|
grafana | Not in release |
CVE-2024-8418
Medium priority
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the...
1 affected package
aardvark-dns
Package | 24.04 LTS |
---|---|
aardvark-dns | Needs evaluation |
CVE-2024-7883
Medium priority
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and...
9 affected packages
llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15...
Package | 24.04 LTS |
---|---|
llvm-toolchain-11 | Not in release |
llvm-toolchain-12 | Not in release |
llvm-toolchain-13 | Not in release |
llvm-toolchain-14 | Needs evaluation |
llvm-toolchain-15 | Needs evaluation |
llvm-toolchain-16 | Needs evaluation |
llvm-toolchain-17 | Needs evaluation |
llvm-toolchain-18 | Needs evaluation |
llvm-toolchain-19 | Not in release |
CVE-2024-6542
Medium priority
Not in release
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
1 affected package
check-mk
Package | 24.04 LTS |
---|---|
check-mk | Not in release |
CVE-2024-6485
Medium priority
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability...
1 affected package
twitter-bootstrap3
Package | 24.04 LTS |
---|---|
twitter-bootstrap3 | Needs evaluation |
CVE-2024-54534
Medium priority
Some fixes available 1 of 2
5 affected packages
qtwebkit-opensource-src, qtwebkit-source, webkit2gtk, webkitgtk, wpewebkit
Package | 24.04 LTS |
---|---|
qtwebkit-opensource-src | Ignored |
qtwebkit-source | Not in release |
webkit2gtk | Fixed |
webkitgtk | Not in release |
wpewebkit | Not in release |
CVE-2024-54508
Medium priority
5 affected packages
qtwebkit-opensource-src, qtwebkit-source, webkit2gtk, webkitgtk, wpewebkit
Package | 24.04 LTS |
---|---|
qtwebkit-opensource-src | Ignored |
qtwebkit-source | Not in release |
webkit2gtk | Vulnerable |
webkitgtk | Not in release |
wpewebkit | Not in release |
CVE-2024-54505
Medium priority
5 affected packages
qtwebkit-opensource-src, qtwebkit-source, webkit2gtk, webkitgtk, wpewebkit
Package | 24.04 LTS |
---|---|
qtwebkit-opensource-src | Ignored |
qtwebkit-source | Not in release |
webkit2gtk | Vulnerable |
webkitgtk | Not in release |
wpewebkit | Not in release |
CVE-2024-54502
Medium priority
5 affected packages
qtwebkit-opensource-src, qtwebkit-source, webkit2gtk, webkitgtk, wpewebkit
Package | 24.04 LTS |
---|---|
qtwebkit-opensource-src | Ignored |
qtwebkit-source | Not in release |
webkit2gtk | Vulnerable |
webkitgtk | Not in release |
wpewebkit | Not in release |