Search CVE reports
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate...
1 affected package
node-webpack
| Package | 24.04 LTS |
|---|---|
| node-webpack | Needs evaluation |
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed....
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Not in release |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Not in release |
| golang-1.18 | Not in release |
| golang-1.20 | Not in release |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Not in release |
| adsys | Needs evaluation |
| juju-core | Not in release |
| lxd | Not in release |
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Not in release |
| adsys | Needs evaluation |
| juju-core | Not in release |
| lxd | Not in release |
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the...
1 affected package
dnsmasq
| Package | 24.04 LTS |
|---|---|
| dnsmasq | Not affected |
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist...
1 affected package
codeblocks
| Package | 24.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially...
1 affected package
web2py
| Package | 24.04 LTS |
|---|---|
| web2py | Not in release |
[Unknown description]
1 affected package
grafana
| Package | 24.04 LTS |
|---|---|
| grafana | Not in release |
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
7 affected packages
golang-1.17, golang-1.20, golang-1.21, golang-1.22, golang-1.23...
| Package | 24.04 LTS |
|---|---|
| golang-1.17 | Not in release |
| golang-1.20 | Not in release |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent...
2 affected packages
golang-1.23, golang-1.24
| Package | 24.04 LTS |
|---|---|
| golang-1.23 | Not affected |
| golang-1.24 | Not in release |