Search CVE reports
181 – 190 of 39691 results
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially...
1 affected package
389-ds-base
| Package | 24.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
(Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry co ...)
1 affected package
libimager-perl
| Package | 24.04 LTS |
|---|---|
| libimager-perl | Needs evaluation |
Not in release
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
(GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body...
1 affected package
node-body-parser
| Package | 24.04 LTS |
|---|---|
| node-body-parser | Needs evaluation |
Not in release
(GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS |
|---|---|
| gitlab | Not in release |
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or...
12 affected packages
mailcap, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...
| Package | 24.04 LTS |
|---|---|
| mailcap | Fixed |
| openjdk-8 | Not affected |
| openjdk-9 | Not in release |
| openjdk-lts | Not affected |
| openjdk-13 | Not in release |
| openjdk-16 | Not in release |
| openjdk-17 | Not affected |
| openjdk-17-crac | Not in release |
| openjdk-18 | Not in release |
| openjdk-21 | Not affected |
| openjdk-21-crac | Not in release |
| openjdk-25 | Not affected |
Some fixes available 1 of 2
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Some fixes available 1 of 2
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |