Search CVE reports
141 – 150 of 31991 results
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Not affected |
| containerd | Not affected |
| golang-golang-x-net-dev | Not in release |
| adsys | Not affected |
| juju-core | Not in release |
| lxd | Not in release |
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Not affected |
| containerd | Not affected |
| golang-golang-x-net-dev | Not in release |
| adsys | Not affected |
| juju-core | Not in release |
| lxd | Not in release |
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the...
1 affected package
dnsmasq
| Package | 24.04 LTS |
|---|---|
| dnsmasq | Not affected |
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist...
1 affected package
codeblocks
| Package | 24.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially...
1 affected package
web2py
| Package | 24.04 LTS |
|---|---|
| web2py | Not in release |
[Unknown description]
1 affected package
grafana
| Package | 24.04 LTS |
|---|---|
| grafana | Not in release |
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
7 affected packages
golang-1.17, golang-1.20, golang-1.21, golang-1.22, golang-1.23...
| Package | 24.04 LTS |
|---|---|
| golang-1.17 | Not in release |
| golang-1.20 | Not in release |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent...
2 affected packages
golang-1.23, golang-1.24
| Package | 24.04 LTS |
|---|---|
| golang-1.23 | Not affected |
| golang-1.24 | Not in release |
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an...
1 affected package
node-brace-expansion
| Package | 24.04 LTS |
|---|---|
| node-brace-expansion | Needs evaluation |
jsonwebtoken is a JWT lib in Rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an...
1 affected package
rust-jsonwebtoken
| Package | 24.04 LTS |
|---|---|
| rust-jsonwebtoken | Needs evaluation |