Search CVE reports
301 – 310 of 30717 results
Not in release
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it...
2 affected packages
golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2
| Package | 26.04 LTS |
|---|---|
| golang-github-gofiber-fiber | Not in release |
| golang-github-gofiber-fiber-v2 | Not in release |
Not in release
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an...
2 affected packages
golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2
| Package | 26.04 LTS |
|---|---|
| golang-github-gofiber-fiber | Not in release |
| golang-github-gofiber-fiber-v2 | Not in release |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7()...
1 affected package
onnx
| Package | 26.04 LTS |
|---|---|
| onnx | Needs evaluation |
Not in release
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash...
1 affected package
golang-github-gofiber-fiber
| Package | 26.04 LTS |
|---|---|
| golang-github-gofiber-fiber | Not in release |
Not in release
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially...
1 affected package
nomad
| Package | 26.04 LTS |
|---|---|
| nomad | Not in release |
Not in release
HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace...
1 affected package
nomad
| Package | 26.04 LTS |
|---|---|
| nomad | Not in release |
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image...
2 affected packages
pypdf, pypdf2
| Package | 26.04 LTS |
|---|---|
| pypdf | Needs evaluation |
| pypdf2 | Not in release |
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table...
2 affected packages
pypdf, pypdf2
| Package | 26.04 LTS |
|---|---|
| pypdf | Needs evaluation |
| pypdf2 | Not in release |
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS |
|---|---|
| sqlite | Not in release |
| sqlite3 | Needs evaluation |
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service....
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS |
|---|---|
| sqlite | Not in release |
| sqlite3 | Needs evaluation |