Search CVE reports
1 – 10 of 29881 results
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, the function api.ParseJSONRequest splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data)...
1 affected package
golang-github-sigstore-timestamp-authority
| Package | 24.04 LTS |
|---|---|
| golang-github-sigstore-timestamp-authority | Not in release |
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside...
1 affected package
tika
| Package | 24.04 LTS |
|---|---|
| tika | Needs evaluation |
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which...
1 affected package
golang-github-sigstore-fulcio
| Package | 24.04 LTS |
|---|---|
| golang-github-sigstore-fulcio | Not in release |
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 24.04 LTS |
|---|---|
| webkitgtk | Not in release |
| webkit2gtk | Needs evaluation |
| qtwebkit-source | Not in release |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Not in release |
[mod_userdir+suexec bypass via AllowOverride FileInfo]
1 affected package
apache2
| Package | 24.04 LTS |
|---|---|
| apache2 | Needs evaluation |
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read...
1 affected package
golang-logrus
| Package | 24.04 LTS |
|---|---|
| golang-logrus | Needs evaluation |
[CGI environment variable override]
1 affected package
apache2
| Package | 24.04 LTS |
|---|---|
| apache2 | Needs evaluation |
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
1 affected package
sogo
| Package | 24.04 LTS |
|---|---|
| sogo | Not in release |
[NTLM Leakage on Windows through UNC SSRF]
1 affected package
apache2
| Package | 24.04 LTS |
|---|---|
| apache2 | Needs evaluation |
[Server Side Includes adds query string to #exec cmd=...]
1 affected package
apache2
| Package | 24.04 LTS |
|---|---|
| apache2 | Needs evaluation |