Search CVE reports
11 – 20 of 32510 results
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart...
1 affected package
cpp-httplib
| Package | 24.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
Not in release
(PJSIP is a free and open source multimedia communication library writt ...)
1 affected package
pjproject
| Package | 24.04 LTS |
|---|---|
| pjproject | Not in release |
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject()...
1 affected package
node-immutable
| Package | 24.04 LTS |
|---|---|
| node-immutable | Needs evaluation |
Not in release
(PJSIP is a free and open source multimedia communication library writt ...)
1 affected package
pjproject
| Package | 24.04 LTS |
|---|---|
| pjproject | Not in release |
Not in release
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Not in release
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Not in release
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Not in release
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Not in release
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration...
1 affected package
zookeeper
| Package | 24.04 LTS |
|---|---|
| zookeeper | Needs evaluation |