Search CVE reports
1211 – 1220 of 28330 results
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
1 affected package
chromium-browser
Package | 24.04 LTS |
---|---|
chromium-browser | Not affected |
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium...
1 affected package
chromium-browser
Package | 24.04 LTS |
---|---|
chromium-browser | Not affected |
Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
1 affected package
chromium-browser
Package | 24.04 LTS |
---|---|
chromium-browser | Not affected |
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality,...
1 affected package
edk2
Package | 24.04 LTS |
---|---|
edk2 | Needs evaluation |
Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as...
1 affected package
golang-github-xenolf-lego
Package | 24.04 LTS |
---|---|
golang-github-xenolf-lego | Needs evaluation |
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
1 affected package
node-tmp
Package | 24.04 LTS |
---|---|
node-tmp | Needs evaluation |
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by...
1 affected package
golang-github-rs-cors
Package | 24.04 LTS |
---|---|
golang-github-rs-cors | Needs evaluation |
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review...
1 affected package
poco
Package | 24.04 LTS |
---|---|
poco | Needs evaluation |
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is...
11 affected packages
golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...
Package | 24.04 LTS |
---|---|
golang-1.10 | Not in release |
golang-1.13 | Not in release |
golang-1.14 | Not in release |
golang-1.16 | Not in release |
golang-1.17 | Not in release |
golang-1.18 | Not in release |
golang-1.20 | Not in release |
golang-1.21 | Vulnerable |
golang-1.22 | Vulnerable |
golang-1.24 | Not in release |
golang-1.23 | Vulnerable |
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
1 affected package
golang-github-cloudflare-circl
Package | 24.04 LTS |
---|---|
golang-github-cloudflare-circl | Needs evaluation |