Search CVE reports
81 – 90 of 32471 results
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML...
1 affected package
check-mk
| Package | 24.04 LTS |
|---|---|
| check-mk | Not in release |
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-site scripting vulnerability...
1 affected package
angular.js
| Package | 24.04 LTS |
|---|---|
| angular.js | Needs evaluation |
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with a stack overflow when a user uses XML...
1 affected package
node-webfont
| Package | 24.04 LTS |
|---|---|
| node-webfont | Needs evaluation |
[Access control bypass due to improper hostname canonicalization]
1 affected package
util-linux
| Package | 24.04 LTS |
|---|---|
| util-linux | Needs evaluation |
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with...
1 affected package
node-minimatch
| Package | 24.04 LTS |
|---|---|
| node-minimatch | Needs evaluation |
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive...
1 affected package
node-minimatch
| Package | 24.04 LTS |
|---|---|
| node-minimatch | Needs evaluation |
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader...
1 affected package
pypdf
| Package | 24.04 LTS |
|---|---|
| pypdf | Needs evaluation |
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit `7d3aee1` only validates the first...
1 affected package
node-dottie
| Package | 24.04 LTS |
|---|---|
| node-dottie | Needs evaluation |
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property...
1 affected package
c3p0
| Package | 24.04 LTS |
|---|---|
| c3p0 | Needs evaluation |
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from...
1 affected package
gpac
| Package | 24.04 LTS |
|---|---|
| gpac | Needs evaluation |