Search CVE reports
431 – 440 of 36093 results
Not in release
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and...
1 affected package
grafana
| Package | 22.04 LTS |
|---|---|
| grafana | Not in release |
Not in release
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result,...
1 affected package
grafana
| Package | 22.04 LTS |
|---|---|
| grafana | Not in release |
Not in release
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the local metadata cache directory....
1 affected package
golang-github-theupdateframework-go-tuf
| Package | 22.04 LTS |
|---|---|
| golang-github-theupdateframework-go-tuf | Not in release |
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can...
1 affected package
python-multipart
| Package | 22.04 LTS |
|---|---|
| python-multipart | Fixed |
QGIS is a free, open source, cross platform geographical information system (GIS). The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9,...
1 affected package
qgis
| Package | 22.04 LTS |
|---|---|
| qgis | Needs evaluation |
Some fixes available 1 of 3
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 22.04 LTS |
|---|---|
| openssl | Fixed |
| openssl1.0 | Not in release |
| nodejs | Vulnerable |
| edk2 | Needs evaluation |
Some fixes available 1 of 2
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 22.04 LTS |
|---|---|
| openssl | Fixed |
| openssl1.0 | Not in release |
| nodejs | Vulnerable |
| edk2 | Not affected |
Some fixes available 1 of 2
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 22.04 LTS |
|---|---|
| openssl | Fixed |
| openssl1.0 | Not in release |
| nodejs | Vulnerable |
| edk2 | Not affected |
Some fixes available 1 of 2
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 22.04 LTS |
|---|---|
| openssl | Fixed |
| openssl1.0 | Not in release |
| nodejs | Vulnerable |
| edk2 | Not affected |
Some fixes available 1 of 3
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 22.04 LTS |
|---|---|
| openssl | Fixed |
| openssl1.0 | Not in release |
| nodejs | Vulnerable |
| edk2 | Needs evaluation |