Search CVE reports
121 – 130 of 38031 results
markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic (O(n^2)) processing in the smartquotes rule. The issue stems from repeatedly...
1 affected package
node-markdown-it
| Package | 24.04 LTS |
|---|---|
| node-markdown-it | Needs evaluation |
PHP Standard Library (PSL) is a set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\H2\ServerConnection does not validate that the total bytes...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Needs evaluation |
| php8.4 | Not in release |
| php8.5 | Not in release |
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process,...
1 affected package
shaarli
| Package | 24.04 LTS |
|---|---|
| shaarli | Not in release |
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass...
1 affected package
tinyproxy
| Package | 24.04 LTS |
|---|---|
| tinyproxy | Needs evaluation |
libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with...
1 affected package
libssh2
| Package | 24.04 LTS |
|---|---|
| libssh2 | Needs evaluation |
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion...
1 affected package
libssh2
| Package | 24.04 LTS |
|---|---|
| libssh2 | Needs evaluation |
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine...
1 affected package
tinyproxy
| Package | 24.04 LTS |
|---|---|
| tinyproxy | Needs evaluation |
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many...
1 affected package
tinyproxy
| Package | 24.04 LTS |
|---|---|
| tinyproxy | Needs evaluation |
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript...
1 affected package
shaarli
| Package | 24.04 LTS |
|---|---|
| shaarli | Not in release |
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated...
1 affected package
shaarli
| Package | 24.04 LTS |
|---|---|
| shaarli | Not in release |