Search CVE reports
71 – 80 of 1594 results
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by...
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | — | — |
Memory-safety vulnerability in github.com/jackc/pgx/v5.
1 affected package
golang-github-jackc-pgx-v5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-jackc-pgx-v5 | Needs evaluation | Not in release | Not in release | — | — |
Memory-safety vulnerability in github.com/jackc/pgx/v5.
1 affected package
golang-github-jackc-pgx-v5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-jackc-pgx-v5 | Needs evaluation | Not in release | Not in release | — | — |
Rejected reason: CVE confirmed to be a false positive
2 affected packages
golang-github-coreos-bbolt, golang-github-boltdb-bolt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-bbolt | — | Not affected | Not affected | Not affected | Not affected |
| golang-github-boltdb-bolt | — | Not affected | Not affected | Not affected | Not affected |
Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to...
3 affected packages
golang-github-go-jose-go-jose, golang-github-go-jose-go-jose.v3, golang-gopkg-square-go-jose.v2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-go-jose-go-jose | Needs evaluation | Needs evaluation | Not in release | — | — |
| golang-github-go-jose-go-jose.v3 | Needs evaluation | Not in release | Not in release | — | — |
| golang-gopkg-square-go-jose.v2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric...
1 affected package
golang-github-go-git-go-git
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-go-git-go-git | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded...
1 affected package
golang-github-go-git-go-git
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-go-git-go-git | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with...
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | — | — |
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
1 affected package
golang-github-antchfx-xpath
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-antchfx-xpath | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
1 affected package
golang-github-jackc-pgproto3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-jackc-pgproto3 | Needs evaluation | Needs evaluation | Not in release | — | — |