Search CVE reports
1 – 10 of 14 results
Some fixes available: 4 of 8
TOCTOU race in sed -i --follow-symlinks
1 affected package
sed
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sed | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to...
2 affected packages
cups-browsed, cups-filters
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cups-browsed | — | Fixed | Not in release | Not in release | — |
| cups-filters | — | Not affected | Fixed | Fixed | Fixed |
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The...
2 affected packages
cups-filters, cups-browsed
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cups-filters | — | Not affected | Fixed | Fixed | Fixed |
| cups-browsed | — | Fixed | Not in release | Not in release | — |
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.
2 affected packages
golang-github-jesseduffield-go-getter, golang-github-hashicorp-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
2 affected packages
golang-github-hashicorp-go-getter, golang-github-jesseduffield-go-getter
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-hashicorp-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-github-jesseduffield-go-getter | Not in release | Vulnerable | Vulnerable | Vulnerable | — |