Search CVE reports
761 – 770 of 50428 results
The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
7 affected packages
containerd, golang-golang-x-net, google-guest-agent, golang-golang-x-net-dev, adsys...
| Package | 16.04 LTS |
|---|---|
| containerd | Ignored |
| golang-golang-x-net | — |
| google-guest-agent | Ignored |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | — |
| juju-core | Needs evaluation |
| lxd | Needs evaluation |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Ignored |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Ignored |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main...
1 affected package
python-git
| Package | 16.04 LTS |
|---|---|
| python-git | Ignored |
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent...
1 affected package
python-git
| Package | 16.04 LTS |
|---|---|
| python-git | Ignored |
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this...
1 affected package
gnutls28
| Package | 16.04 LTS |
|---|---|
| gnutls28 | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending...
1 affected package
gnutls28
| Package | 16.04 LTS |
|---|---|
| gnutls28 | Needs evaluation |