Search CVE reports
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of...
1 affected package
dpkg
| Package | 24.04 LTS |
|---|---|
| dpkg | Vulnerable |
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and...
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
3 affected packages
golang-1.24, golang-1.25, golang-1.26
| Package | 24.04 LTS |
|---|---|
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
| golang-1.26 | Not in release |
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11), `qjs` interpreter using the `-m` option and a low memory limit can cause...
1 affected package
quickjs
| Package | 24.04 LTS |
|---|---|
| quickjs | Needs evaluation |
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject()...
1 affected package
node-immutable
| Package | 24.04 LTS |
|---|---|
| node-immutable | Needs evaluation |
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with...
1 affected package
quickjs
| Package | 24.04 LTS |
|---|---|
| quickjs | Needs evaluation |
GNU Binutils through 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup...
1 affected package
binutils
| Package | 24.04 LTS |
|---|---|
| binutils | Vulnerable |