Search CVE reports
371 – 380 of 43971 results
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
Not in release
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using...
2 affected packages
youtube-dl, yt-dlp
| Package | 22.04 LTS |
|---|---|
| youtube-dl | Needs evaluation |
| yt-dlp | Needs evaluation |
Not in release
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it...
2 affected packages
golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2
| Package | 22.04 LTS |
|---|---|
| golang-github-gofiber-fiber | Not in release |
| golang-github-gofiber-fiber-v2 | Not in release |
Not in release
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an...
2 affected packages
golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2
| Package | 22.04 LTS |
|---|---|
| golang-github-gofiber-fiber | Not in release |
| golang-github-gofiber-fiber-v2 | Not in release |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7()...
1 affected package
onnx
| Package | 22.04 LTS |
|---|---|
| onnx | Needs evaluation |
Not in release
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash...
1 affected package
golang-github-gofiber-fiber
| Package | 22.04 LTS |
|---|---|
| golang-github-gofiber-fiber | Not in release |
Not in release
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially...
1 affected package
nomad
| Package | 22.04 LTS |
|---|---|
| nomad | Not in release |
Not in release
HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace...
1 affected package
nomad
| Package | 22.04 LTS |
|---|---|
| nomad | Not in release |
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image...
2 affected packages
pypdf, pypdf2
| Package | 22.04 LTS |
|---|---|
| pypdf | Not in release |
| pypdf2 | Needs evaluation |