Search CVE reports
181 – 190 of 37368 results
`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node...
1 affected package
node-yaml
| Package | 22.04 LTS |
|---|---|
| node-yaml | Needs evaluation |
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
1 affected package
golang-github-antchfx-xpath
| Package | 22.04 LTS |
|---|---|
| golang-github-antchfx-xpath | Needs evaluation |
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
1 affected package
golang-github-jackc-pgproto3
| Package | 22.04 LTS |
|---|---|
| golang-github-jackc-pgproto3 | Not in release |
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
1 affected package
golang-github-buger-jsonparser
| Package | 22.04 LTS |
|---|---|
| golang-github-buger-jsonparser | Needs evaluation |
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending....
2 affected packages
libsoup2.4, libsoup3
| Package | 22.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | Needs evaluation |
Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial...
1 affected package
node-path-to-regexp
| Package | 22.04 LTS |
|---|---|
| node-path-to-regexp | Needs evaluation |
Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other...
1 affected package
node-path-to-regexp
| Package | 22.04 LTS |
|---|---|
| node-path-to-regexp | Needs evaluation |
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, `/:a-:b-:c` or `/:a-:b-:c-:d`. The backtrack protection...
1 affected package
node-path-to-regexp
| Package | 22.04 LTS |
|---|---|
| node-path-to-regexp | Not affected |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Needs evaluation |
| firefox | Not affected |
| thunderbird | Not affected |
| chromium-browser | Not affected |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Needs evaluation |
| firefox | Not affected |
| thunderbird | Not affected |
| chromium-browser | Not affected |