Search CVE reports
111 – 120 of 19514 results
CVE-2024-8946
Medium priorityA vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer...
1 affected packages
micropython
Package | 24.04 LTS |
---|---|
micropython | Needs evaluation |
CVE-2024-8900
Medium priorityAn attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129.
2 affected packages
firefox, thunderbird
Package | 24.04 LTS |
---|---|
firefox | Not affected |
thunderbird | Not affected |
CVE-2024-8796
Medium priorityUnder the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to...
1 affected packages
ruby-devise-two-factor
Package | 24.04 LTS |
---|---|
ruby-devise-two-factor | Needs evaluation |
CVE-2024-7788
Medium priorityImproper Digital Signature InvalidationĀ vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
1 affected packages
libreoffice
Package | 24.04 LTS |
---|---|
libreoffice | Fixed |
CVE-2024-6685
Medium priorityNot in release
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.
1 affected packages
gitlab
Package | 24.04 LTS |
---|---|
gitlab | Not in release |
CVE-2024-4283
Medium priorityNot in release
An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account...
1 affected packages
gitlab
Package | 24.04 LTS |
---|---|
gitlab | Not in release |
CVE-2024-45801
Medium priorityDOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent...
1 affected packages
node-dompurify
Package | 24.04 LTS |
---|---|
node-dompurify | Needs evaluation |
CVE-2024-24968
Medium priorityImproper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access.
1 affected packages
intel-microcode
Package | 24.04 LTS |
---|---|
intel-microcode | Vulnerable |
CVE-2024-23984
Medium priorityObservable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
1 affected packages
intel-microcode
Package | 24.04 LTS |
---|---|
intel-microcode | Vulnerable |
CVE-2024-46958
Medium priorityIn Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
1 affected packages
nextcloud-desktop
Package | 24.04 LTS |
---|---|
nextcloud-desktop | Needs evaluation |