Launchpad
Products
4- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32550 | Cri | 0.60 | 9.3 | 0.00 | Jun 6, 2023 | Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | ||
| CVE-2021-44686 | Hig | 0.49 | 7.5 | 0.05 | Dec 7, 2021 | calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. | ||
| CVE-2012-0955 | Med | 0.44 | 6.8 | 0.01 | Dec 2, 2020 | software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle… | ||
| CVE-2023-32551 | Med | 0.40 | 6.1 | 0.00 | Jun 6, 2023 | Landscape allowed URLs which caused open redirection. | ||
| CVE-2009-4426 | 0.03 | — | 0.02 | Dec 28, 2009 | Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. |
- risk 0.60cvss 9.3epss 0.00
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
- risk 0.49cvss 7.5epss 0.05
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
- risk 0.44cvss 6.8epss 0.01
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle…
- risk 0.40cvss 6.1epss 0.00
Landscape allowed URLs which caused open redirection.
- CVE-2009-4426Dec 28, 2009risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.