Search CVE reports
Some fixes available 5 of 11
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Needs evaluation | Fixed | Fixed | Fixed |
Some fixes available 3 of 33
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, webhook, singularity-container
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
Some fixes available 3 of 33
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
2 affected packages
golang-github-gorilla-handlers, golang-github-coreos-discovery-etcd-io
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-gorilla-handlers | Not affected | Not affected | Not affected | Vulnerable |
| golang-github-coreos-discovery-etcd-io | Not affected | Not affected | Not affected | Not in release |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | — |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 1 of 48
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
4 affected packages
mapcache, netcdf-parallel, scilab, netcdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 1 of 59
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
5 affected packages
mapcache, navit, netcdf-parallel, scilab, netcdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
Some fixes available 1 of 59
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one-byte constant.
5 affected packages
mapcache, navit, netcdf-parallel, scilab, netcdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
Some fixes available 1 of 59
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |