Search CVE reports
131 – 140 of 30559 results
Not in release
(GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
1 affected package
gitlab
| Package | 26.04 LTS |
|---|---|
| gitlab | Not in release |
Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body...
1 affected package
node-body-parser
| Package | 26.04 LTS |
|---|---|
| node-body-parser | Needs evaluation |
Not in release
(GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
1 affected package
gitlab
| Package | 26.04 LTS |
|---|---|
| gitlab | Not in release |
Not in release
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 26.04 LTS |
|---|---|
| gitlab | Not in release |
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or...
12 affected packages
mailcap, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...
| Package | 26.04 LTS |
|---|---|
| mailcap | Fixed |
| openjdk-8 | Not affected |
| openjdk-9 | Not in release |
| openjdk-lts | Not affected |
| openjdk-13 | Not in release |
| openjdk-16 | Not in release |
| openjdk-17 | Not affected |
| openjdk-17-crac | Not affected |
| openjdk-18 | Not in release |
| openjdk-21 | Not affected |
| openjdk-21-crac | Not affected |
| openjdk-25 | Not affected |
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |