Search CVE reports
791 – 800 of 36525 results
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within...
1 affected package
etcd
| Package | 24.04 LTS |
|---|---|
| etcd | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: false configuration, allowing any...
1 affected package
docker-registry
| Package | 24.04 LTS |
|---|---|
| docker-registry | Needs evaluation |
CWE-601 URL redirection to untrusted site ('open redirect')
1 affected package
ntopng
| Package | 24.04 LTS |
|---|---|
| ntopng | Needs evaluation |
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already...
1 affected package
libpodofo
| Package | 24.04 LTS |
|---|---|
| libpodofo | Needs evaluation |
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via...
1 affected package
ruby-css-parser
| Package | 24.04 LTS |
|---|---|
| ruby-css-parser | Needs evaluation |
Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger,...
1 affected package
rust-wasmtime
| Package | 24.04 LTS |
|---|---|
| rust-wasmtime | Needs evaluation |
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 24.04 LTS |
|---|---|
| postgresql-18 | Not in release |
| postgresql-17 | Not in release |
| postgresql-16 | Fixed |
| postgresql-14 | Not in release |
| postgresql-12 | Not in release |
| postgresql-10 | Not in release |
| postgresql-9.5 | Not in release |
| postgresql-9.3 | Not in release |
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 24.04 LTS |
|---|---|
| postgresql-18 | Not in release |
| postgresql-17 | Not in release |
| postgresql-16 | Fixed |
| postgresql-14 | Not in release |
| postgresql-12 | Not in release |
| postgresql-10 | Not in release |
| postgresql-9.5 | Not in release |
| postgresql-9.3 | Not in release |
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 24.04 LTS |
|---|---|
| postgresql-18 | Not in release |
| postgresql-17 | Not in release |
| postgresql-16 | Fixed |
| postgresql-14 | Not in release |
| postgresql-12 | Not in release |
| postgresql-10 | Not in release |
| postgresql-9.5 | Not in release |
| postgresql-9.3 | Not in release |
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 24.04 LTS |
|---|---|
| postgresql-18 | Not in release |
| postgresql-17 | Not in release |
| postgresql-16 | Fixed |
| postgresql-14 | Not in release |
| postgresql-12 | Not in release |
| postgresql-10 | Not in release |
| postgresql-9.5 | Not in release |
| postgresql-9.3 | Not in release |