Search CVE reports
201 – 210 of 39708 results
Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body...
1 affected package
node-body-parser
| Package | 24.04 LTS |
|---|---|
| node-body-parser | Needs evaluation |
Not in release
(GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or...
12 affected packages
mailcap, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...
| Package | 24.04 LTS |
|---|---|
| mailcap | Fixed |
| openjdk-8 | Not affected |
| openjdk-9 | Not in release |
| openjdk-lts | Not affected |
| openjdk-13 | Not in release |
| openjdk-16 | Not in release |
| openjdk-17 | Not affected |
| openjdk-17-crac | Not in release |
| openjdk-18 | Not in release |
| openjdk-21 | Not affected |
| openjdk-21-crac | Not in release |
| openjdk-25 | Not affected |
Some fixes available 1 of 2
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |