Search CVE reports
251 – 260 of 33882 results
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS,...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 24.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Needs evaluation |
| firefox | Not affected |
| thunderbird | Not affected |
| chromium-browser | Not affected |
Not in release
[Unknown description]
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |