CVE search results

301 – 310 of 490 results

Detailed view

Sort by:

CVE-2017-6504

Medium priority

Vulnerable

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

1 affected package

qbittorrent

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qbittorrent	Not affected	Not affected	Not affected	Not affected

CVE-2017-6503

Medium priority

Vulnerable

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.

1 affected package

qbittorrent

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qbittorrent	Not affected	Not affected	Not affected	Not affected

CVE-2016-3180

Medium priority

Some fixes available 1 of 5

Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and...

1 affected package

torbrowser-launcher

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
torbrowser-launcher	—	—	—	Not affected

CVE-2016-7164

Low priority

Vulnerable

The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.

1 affected package

libtorrent-rasterbar

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libtorrent-rasterbar	Not affected	Not affected	Not affected	Not affected

CVE-2016-7798

Low priority

Some fixes available 5 of 16

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

7 affected packages

ruby-attr-encrypted, ruby-encryptor, ruby1.8, ruby1.9.1, ruby2.0...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby-attr-encrypted	Not affected	Not affected	Not affected	Not in release
ruby-encryptor	Not affected	Not affected	Not affected	Not in release
ruby1.8	Not in release	Not in release	Not in release	Not in release
ruby1.9.1	Not in release	Not in release	Not in release	Not in release
ruby2.0	Not in release	Not in release	Not in release	Not in release
ruby2.1	Not in release	Not in release	Not in release	Not in release
ruby2.3	Not in release	Not in release	Not in release	Not in release

CVE-2014-9772

Medium priority

Not affected

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.

1 affected package

validator.js

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
validator.js	—	—	—	—

CVE-2013-7454

Medium priority

Not affected

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.

1 affected package

validator.js

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
validator.js	—	—	—	—

CVE-2013-7453

Medium priority

Not affected

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.

1 affected package

validator.js

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
validator.js	—	—	—	—

CVE-2013-7452

Medium priority

Not affected

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.

1 affected package

validator.js

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
validator.js	—	—	—	—

CVE-2013-7451

Medium priority

Not affected

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.

1 affected package

validator.js

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
validator.js	—	—	—	—

Export to JSON

Results by page:

Search CVE reports