Search CVE reports
1 – 10 of 1512 results
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
1 affected package
golang-github-antchfx-xpath
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-antchfx-xpath | Needs evaluation | Needs evaluation | Needs evaluation | — |
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
1 affected package
golang-github-jackc-pgproto3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-jackc-pgproto3 | Needs evaluation | Not in release | — | — |
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
1 affected package
golang-github-buger-jsonparser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-buger-jsonparser | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | — | — |
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | — | — |
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | — | — |
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | — | — |
(GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | Not in release | Not in release | — | — |
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the...
2 affected packages
golang-github-antchfx-xpath, golang-golang-x-vuln
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-antchfx-xpath | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-golang-x-vuln | Needs evaluation | Not in release | — | — |
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored,...
1 affected package
golang-github-tillitis-tkeyclient
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-tillitis-tkeyclient | Not in release | Not in release | — | — |