Search CVE reports
801 – 810 of 67995 results
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main...
1 affected package
python-git
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-git | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent...
1 affected package
python-git
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-git | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 7
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this...
1 affected package
gnutls28
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gnutls28 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in...
1 affected package
node-webfont
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-webfont | Needs evaluation | Needs evaluation | Not in release | — | — |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The...
2 affected packages
incus, lxd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| incus | Needs evaluation | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file...
2 affected packages
incus, lxd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| incus | Needs evaluation | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for...
2 affected packages
incus, lxd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| incus | Needs evaluation | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file....
1 affected package
incus
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| incus | Needs evaluation | Needs evaluation | Not in release | — | — |
Some fixes available 4 of 7
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending...
1 affected package
gnutls28
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gnutls28 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |