Search CVE reports
201 – 210 of 23512 results
CVE-2024-8637
Medium priorityUse after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
1 affected packages
chromium-browser
Package | 22.04 LTS |
---|---|
chromium-browser | Not affected |
CVE-2024-8636
Medium priorityHeap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
1 affected packages
chromium-browser
Package | 22.04 LTS |
---|---|
chromium-browser | Not affected |
CVE-2024-8096
Medium priorityWhen curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the...
1 affected packages
curl
Package | 22.04 LTS |
---|---|
curl | Fixed |
CVE-2024-45409
Medium priorityThe Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to...
1 affected packages
ruby-saml
Package | 22.04 LTS |
---|---|
ruby-saml | Needs evaluation |
CVE-2024-45593
Medium priorityNix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations...
1 affected packages
nix
Package | 22.04 LTS |
---|---|
nix | Needs evaluation |
CVE-2024-45590
Medium prioritybody-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of...
1 affected packages
node-body-parser
Package | 22.04 LTS |
---|---|
node-body-parser | Needs evaluation |
CVE-2024-45044
Medium priorityNot in release
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check...
1 affected packages
bareos
Package | 22.04 LTS |
---|---|
bareos | Not in release |
CVE-2024-43800
Medium priorityserve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
1 affected packages
node-serve-static
Package | 22.04 LTS |
---|---|
node-serve-static | Needs evaluation |
CVE-2024-43799
Medium prioritySend is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
1 affected packages
node-send
Package | 22.04 LTS |
---|---|
node-send | Needs evaluation |
CVE-2024-43796
Medium priorityExpress.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
1 affected packages
node-express
Package | 22.04 LTS |
---|---|
node-express | Needs evaluation |