Search CVE reports
581 – 590 of 1520 results
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of...
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of...
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release |
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure...
1 affected package
golang-github-go-macaron-csrf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-go-macaron-csrf | Not in release | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 3 of 33
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, webhook, singularity-container
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks...
1 affected package
golang-github-aws-aws-sdk-go
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-aws-aws-sdk-go | Not affected | Not affected | Needs evaluation | Needs evaluation |
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt...
1 affected package
golang-github-flynn-noise
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-flynn-noise | Needs evaluation | Needs evaluation | Not in release | Not in release |
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This...
1 affected package
golang-github-masterminds-goutils
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-masterminds-goutils | Needs evaluation | Needs evaluation | Not in release | Not in release |
Some fixes available 3 of 33
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
1 affected package
golang-github-revel-revel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-revel-revel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
2 affected packages
golang-github-gorilla-handlers, golang-github-coreos-discovery-etcd-io
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-gorilla-handlers | Not affected | Not affected | Not affected | Vulnerable |
| golang-github-coreos-discovery-etcd-io | Not affected | Not affected | Not affected | Not in release |