Search CVE reports
21 – 30 of 41 results
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....
4 affected packages
golang-github-dgrijalva-jwt-go, telegraf, golang-github-coreos-discovery-etcd-io, juju-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-dgrijalva-jwt-go | Not in release | Not affected | Needs evaluation | Needs evaluation |
| telegraf | Not in release | Needs evaluation | Not in release | Not in release |
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| juju-core | Not in release | Not in release | Not in release | Not in release |
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 5
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Not affected | Not affected | Fixed | Fixed |
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 14
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Fixed | Fixed |
Some fixes available 2 of 14
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Fixed | Fixed |
Some fixes available 2 of 14
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Fixed | Fixed |