Search CVE reports
61 – 70 of 31282 results
Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) doesn't enforce HTTPS when talking to CAs as...
1 affected package
golang-github-xenolf-lego
| Package | 22.04 LTS |
|---|---|
| golang-github-xenolf-lego | Needs evaluation |
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
1 affected package
node-tmp
| Package | 22.04 LTS |
|---|---|
| node-tmp | Needs evaluation |
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by...
1 affected package
golang-github-rs-cors
| Package | 22.04 LTS |
|---|---|
| golang-github-rs-cors | Needs evaluation |
poco v1.14.1-release was discovered to contain weak encryption.
1 affected package
poco
| Package | 22.04 LTS |
|---|---|
| poco | Needs evaluation |
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
| Package | 22.04 LTS |
|---|---|
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Not in release |
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
1 affected package
golang-github-cloudflare-circl
| Package | 22.04 LTS |
|---|---|
| golang-github-cloudflare-circl | Needs evaluation |
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is...
1 affected package
icingaweb2-module-pdfexport
| Package | 22.04 LTS |
|---|---|
| icingaweb2-module-pdfexport | Needs evaluation |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several...
1 affected package
modsecurity
| Package | 22.04 LTS |
|---|---|
| modsecurity | Needs evaluation |
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
2 affected packages
u-boot, u-boot-nezha
| Package | 22.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | Needs evaluation |
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double...
2 affected packages
ffmpeg, libav
| Package | 22.04 LTS |
|---|---|
| ffmpeg | Needs evaluation |
| libav | Not in release |