Search CVE reports
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email...
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
1 affected package
sogo
| Package | 24.04 LTS |
|---|---|
| sogo | Not in release |
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
1 affected package
sogo
| Package | 24.04 LTS |
|---|---|
| sogo | Not in release |
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.
1 affected package
ironic
| Package | 24.04 LTS |
|---|---|
| ironic | Needs evaluation |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible...
1 affected package
nginx
| Package | 24.04 LTS |
|---|---|
| nginx | Fixed |
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the...
1 affected package
rust-gix-fs
| Package | 24.04 LTS |
|---|---|
| rust-gix-fs | Needs evaluation |
The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS |
|---|---|
| python2.7 | Not in release |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Not in release |
| python3.11 | Not in release |
| python3.12 | Needs evaluation |
| python3.13 | Not in release |
| python3.14 | Not in release |
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously...
1 affected package
python-multipart
| Package | 24.04 LTS |
|---|---|
| python-multipart | Needs evaluation |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS...
1 affected package
twisted
| Package | 24.04 LTS |
|---|---|
| twisted | Needs evaluation |