Search CVE reports
181 – 190 of 30617 results
CVE-2023-39333
Medium priorityMaliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if...
1 affected packages
nodejs
| Package | 18.04 LTS |
|---|---|
| nodejs | Needs evaluation |
CVE-2023-30587
Medium priorityA vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector). By exploiting the Worker class's ability to create an...
1 affected packages
nodejs
| Package | 18.04 LTS |
|---|---|
| nodejs | Not affected |
CVE-2023-30584
Medium priorityA vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at...
1 affected packages
nodejs
| Package | 18.04 LTS |
|---|---|
| nodejs | Not affected |
CVE-2023-30583
Medium priorityfs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please...
1 affected packages
nodejs
| Package | 18.04 LTS |
|---|---|
| nodejs | Not affected |
CVE-2023-30582
Medium priorityA vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that...
1 affected packages
nodejs
| Package | 18.04 LTS |
|---|---|
| nodejs | Not affected |
CVE-2024-34158
Medium priorityCalling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.19 | — |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
CVE-2024-34156
Medium priorityCalling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.19 | — |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
CVE-2024-34155
Medium priorityCalling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.19 | — |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
CVE-2024-7652
Medium priorityAn error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 18.04 LTS |
|---|---|
| firefox | — |
| mozjs102 | — |
| mozjs115 | — |
| mozjs38 | Needs evaluation |
| mozjs52 | Ignored |
| mozjs68 | — |
| mozjs78 | — |
| mozjs91 | — |
| thunderbird | — |
CVE-2024-8517
Medium prioritySPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
1 affected packages
spip
| Package | 18.04 LTS |
|---|---|
| spip | Needs evaluation |