Search CVE reports


Toggle filters

1 – 10 of 1270 results


CVE-2024-53259

Medium priority
Needs evaluation

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large"...

1 affected packages

golang-github-lucas-clemente-quic-go

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-lucas-clemente-quic-go Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-53859

Medium priority
Needs evaluation

go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts...

1 affected packages

golang-github-cli-go-gh-v2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-cli-go-gh-v2 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-10240

Medium priority
Ignored

An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-8237

Medium priority
Ignored

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-8177

Medium priority
Ignored

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-8114

Medium priority
Ignored

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT)...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-11828

Medium priority
Ignored

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-11669

Medium priority
Ignored

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-11668

Medium priority
Ignored

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls,...

1 affected packages

gitlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gitlab Not in release Not in release Not in release Ignored
Show less packages

CVE-2024-51744

Medium priority
Needs evaluation

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if...

2 affected packages

golang-github-golang-jwt-jwt, golang-github-golang-jwt-jwt-v5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-golang-jwt-jwt Needs evaluation Needs evaluation Not in release
golang-github-golang-jwt-jwt-v5 Needs evaluation Not in release Not in release
Show less packages