Search CVE reports
431 – 440 of 37865 results
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when...
1 affected package
util-linux
| Package | 22.04 LTS |
|---|---|
| util-linux | Needs evaluation |
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted...
1 affected package
ruby-rack
| Package | 22.04 LTS |
|---|---|
| ruby-rack | Not affected |
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parser#handle_mime_head parses quoted multipart parameters such as Content-Disposition:...
1 affected package
ruby-rack
| Package | 22.04 LTS |
|---|---|
| ruby-rack | Ignored |
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom...
1 affected package
node-xmldom
| Package | 22.04 LTS |
|---|---|
| node-xmldom | Needs evaluation |
Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges...
1 affected package
poetry
| Package | 22.04 LTS |
|---|---|
| poetry | Needs evaluation |
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwarded_values parses the RFC 7239 Forwarded header by splitting on semicolons before handling...
1 affected package
ruby-rack
| Package | 22.04 LTS |
|---|---|
| ruby-rack | Not affected |
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack...
1 affected package
ruby-rack
| Package | 22.04 LTS |
|---|---|
| ruby-rack | Ignored |
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | Ignored |