Search CVE reports
1701 – 1710 of 39363 results
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g....
1 affected package
python-cryptography
| Package | 22.04 LTS |
|---|---|
| python-cryptography | Not affected |
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the...
1 affected package
golang-opentelemetry-otel
| Package | 22.04 LTS |
|---|---|
| golang-opentelemetry-otel | Needs evaluation |
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for...
1 affected package
golang-opentelemetry-otel
| Package | 22.04 LTS |
|---|---|
| golang-opentelemetry-otel | Needs evaluation |
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service...
1 affected package
kamailio
| Package | 22.04 LTS |
|---|---|
| kamailio | Needs evaluation |
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service...
1 affected package
kamailio
| Package | 22.04 LTS |
|---|---|
| kamailio | Needs evaluation |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent...
1 affected package
node-axios
| Package | 22.04 LTS |
|---|---|
| node-axios | Needs evaluation |
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the...
2 affected packages
jetty, jetty9
| Package | 22.04 LTS |
|---|---|
| jetty | Not in release |
| jetty9 | Needs evaluation |
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |