Search CVE reports
1281 – 1290 of 37865 results
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart...
1 affected package
cpp-httplib
| Package | 22.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration...
1 affected package
zookeeper
| Package | 22.04 LTS |
|---|---|
| zookeeper | Needs evaluation |
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...
1 affected package
zookeeper
| Package | 22.04 LTS |
|---|---|
| zookeeper | Needs evaluation |
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of...
1 affected package
dpkg
| Package | 22.04 LTS |
|---|---|
| dpkg | Needs evaluation |
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 22.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 22.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 22.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 22.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 22.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Not in release
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause...
1 affected package
quickjs
| Package | 22.04 LTS |
|---|---|
| quickjs | Not in release |