Search CVE reports
171 – 180 of 30617 results
CVE-2024-45411
Medium priority
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run, which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
2 affected packages
php-twig, twig
Package | 18.04 LTS |
---|---|
php-twig | — |
twig | Needs evaluation |
CVE-2024-45296
Medium priority
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex...
1 affected package
node-path-to-regexp
Package | 18.04 LTS |
---|---|
node-path-to-regexp | Needs evaluation |
CVE-2024-24510
Medium priority
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.
1 affected package
sogo
Package | 18.04 LTS |
---|---|
sogo | Needs evaluation |
CVE-2024-8373
Medium priority
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content...
1 affected package
angular.js
Package | 18.04 LTS |
---|---|
angular.js | Needs evaluation |
CVE-2024-8372
Medium priority
Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content...
1 affected package
angular.js
Package | 18.04 LTS |
---|---|
angular.js | Needs evaluation |
CVE-2024-45160
Medium priority
[Unknown description]
1 affected package
lemonldap-ng
Package | 18.04 LTS |
---|---|
lemonldap-ng | Needs evaluation |
CVE-2024-42934
Low priority
Missing check on the authorization type on incoming LAN messages
1 affected package
openipmi
Package | 18.04 LTS |
---|---|
openipmi | Needs evaluation |
CVE-2024-36138
Medium priority
Bypass of the incomplete fix for CVE-2024-27980, which arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject...
1 affected package
nodejs
Package | 18.04 LTS |
---|---|
nodejs | Needs evaluation |
CVE-2024-36137
Medium priority
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors, however, operations such as...
1 affected package
nodejs
Package | 18.04 LTS |
---|---|
nodejs | Needs evaluation |
CVE-2023-46809
Medium priority
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL that is unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PKCS #1...
1 affected package
nodejs
Package | 18.04 LTS |
---|---|
nodejs | Needs evaluation |