Search CVE reports
321 – 330 of 49990 results
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 16.04 LTS |
|---|---|
| golang-golang-x-net | — |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | — |
| juju-core | Needs evaluation |
| lxd | Needs evaluation |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main...
1 affected package
python-git
| Package | 16.04 LTS |
|---|---|
| python-git | Needs evaluation |
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent...
1 affected package
python-git
| Package | 16.04 LTS |
|---|---|
| python-git | Needs evaluation |
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this...
1 affected package
gnutls28
| Package | 16.04 LTS |
|---|---|
| gnutls28 | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending...
1 affected package
gnutls28
| Package | 16.04 LTS |
|---|---|
| gnutls28 | Needs evaluation |
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Needs evaluation |