Search CVE reports
401 – 410 of 40688 results
NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of an NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.
2 affected packages
golang-golang-x-sys, google-guest-agent
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-sys | Needs evaluation |
| google-guest-agent | Needs evaluation |
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program...
1 affected package
pcmanfm-qt
| Package | 20.04 LTS |
|---|---|
| pcmanfm-qt | Needs evaluation |
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 20.04 LTS |
|---|---|
| ruby2.3 | — |
| ruby2.5 | — |
| ruby2.7 | Needs evaluation |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net-dev | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net-dev | Needs evaluation |
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This...
1 affected package
golang-golang-x-net-dev
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net-dev | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net-dev | Needs evaluation |
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
1 affected package
golang-golang-x-net-dev
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net-dev | Needs evaluation |
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
1 affected package
golang-golang-x-net-dev
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net-dev | Needs evaluation |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression...
1 affected package
nginx
| Package | 20.04 LTS |
|---|---|
| nginx | Needs evaluation |