Search CVE reports
31 – 40 of 33165 results
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property lookup on `options.partials`...
1 affected package
node-handlebars
| Package | 24.04 LTS |
|---|---|
| node-handlebars | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui`...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
Not in release
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an...
1 affected package
node-node-forge
| Package | 24.04 LTS |
|---|---|
| node-node-forge | Not in release |
Not in release
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not...
1 affected package
node-node-forge
| Package | 24.04 LTS |
|---|---|
| node-node-forge | Not in release |
Not in release
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3)....
1 affected package
node-node-forge
| Package | 24.04 LTS |
|---|---|
| node-node-forge | Not in release |
Not in release
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the...
1 affected package
node-node-forge
| Package | 24.04 LTS |
|---|---|
| node-node-forge | Not in release |
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling...
1 affected package
netty
| Package | 24.04 LTS |
|---|---|
| netty | Needs evaluation |
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence...
1 affected package
node-brace-expansion
| Package | 24.04 LTS |
|---|---|
| node-brace-expansion | Needs evaluation |