Search CVE reports
751 – 760 of 50428 results
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Ignored |
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even...
2 affected packages
asterisk, pjproject
| Package | 16.04 LTS |
|---|---|
| asterisk | Ignored |
| pjproject | Ignored |
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
16 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
| Package | 16.04 LTS |
|---|---|
| golang-1.10 | Not affected |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
| golang-1.6 | Not affected |
| golang-1.8 | — |
| golang-1.9 | — |
| golang | — |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute,...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |