Search CVE reports
11 – 20 of 35988 results
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit...
1 affected package
micropython
| Package | 22.04 LTS |
|---|---|
| micropython | Needs evaluation |
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack...
1 affected package
libuvc
| Package | 22.04 LTS |
|---|---|
| libuvc | Needs evaluation |
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be...
1 affected package
mruby
| Package | 22.04 LTS |
|---|---|
| mruby | Needs evaluation |
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using...
1 affected package
node-webpack
| Package | 22.04 LTS |
|---|---|
| node-webpack | Needs evaluation |
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate...
1 affected package
node-webpack
| Package | 22.04 LTS |
|---|---|
| node-webpack | Needs evaluation |
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 22.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Not in release |
| adsys | Needs evaluation |
| juju-core | Not in release |
| lxd | Not in release |
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 22.04 LTS |
|---|---|
| golang-golang-x-net | Needs evaluation |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Not in release |
| adsys | Needs evaluation |
| juju-core | Not in release |
| lxd | Not in release |
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist...
1 affected package
codeblocks
| Package | 22.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
Not in release
jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an...
1 affected package
rust-jsonwebtoken
| Package | 22.04 LTS |
|---|---|
| rust-jsonwebtoken | Not in release |
Not in release
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially...
1 affected package
web2py
| Package | 22.04 LTS |
|---|---|
| web2py | Not in release |