Search CVE reports
741 – 750 of 37431 results
Not in release
Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are...
1 affected package
lexbor
| Package | 22.04 LTS |
|---|---|
| lexbor | Not in release |
Not in release
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an...
1 affected package
lexbor
| Package | 22.04 LTS |
|---|---|
| lexbor | Not in release |
Not in release
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent...
1 affected package
check-mk
| Package | 22.04 LTS |
|---|---|
| check-mk | Not in release |
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 22.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | Not affected |
| openssl1.0 | Not in release |
| nodejs | Vulnerable |
| edk2 | Not affected |
Not in release
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes...
1 affected package
check-mk
| Package | 22.04 LTS |
|---|---|
| check-mk | Not in release |
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by...
1 affected package
erlang
| Package | 22.04 LTS |
|---|---|
| erlang | Needs evaluation |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and...
1 affected package
erlang
| Package | 22.04 LTS |
|---|---|
| erlang | Needs evaluation |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program...
1 affected package
erlang
| Package | 22.04 LTS |
|---|---|
| erlang | Needs evaluation |
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT...
1 affected package
pyjwt
| Package | 22.04 LTS |
|---|---|
| pyjwt | Fixed |
Not in release
This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests...
1 affected package
node-undici
| Package | 22.04 LTS |
|---|---|
| node-undici | Not in release |