Search CVE reports
601 – 610 of 1533 results
Some fixes available 3 of 33
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
1 affected package
golang-github-revel-revel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-revel-revel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
2 affected packages
golang-github-gorilla-handlers, golang-github-coreos-discovery-etcd-io
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-gorilla-handlers | Not affected | Not affected | Not affected | Vulnerable |
| golang-github-coreos-discovery-etcd-io | Not affected | Not affected | Not affected | Not in release |
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.
1 affected package
golang-github-gin-gonic-gin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-gin-gonic-gin | Not affected | Not affected | Needs evaluation | Needs evaluation |
A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched...
1 affected package
golang-github-go-macaron-i18n
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-go-macaron-i18n | Not in release | Vulnerable | Vulnerable | Vulnerable |
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
1 affected package
golang-github-containers-buildah
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-containers-buildah | Needs evaluation | Needs evaluation | Not in release | Not in release |
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
1 affected package
golang-github-containers-buildah
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-containers-buildah | Needs evaluation | Needs evaluation | Not in release | Not in release |
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
1 affected package
golang-github-labstack-echo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-labstack-echo | Needs evaluation | Needs evaluation | Not in release | Not in release |
Some fixes available 6 of 12
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this...
2 affected packages
python-git, gitpython
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-git | Needs evaluation | Fixed | Fixed | Fixed |
| gitpython | — | Not in release | Not in release | Not in release |
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the...
2 affected packages
golang-github-prometheus-exporter-toolkit, prometheus
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-prometheus-exporter-toolkit | Not affected | Vulnerable | Not in release | Not in release |
| prometheus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |