Search CVE reports
781 – 790 of 1535 results
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and...
1 affected package
golang-github-containers-buildah
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-containers-buildah | Vulnerable | Vulnerable | Not in release | Not in release |
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is...
1 affected package
golang-github-prometheus-client-golang
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-prometheus-client-golang | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone...
1 affected package
git
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| git | — | Ignored | Ignored | Ignored |
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2,...
1 affected package
gitlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | — |
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
1 affected package
gitea
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gitea | — | — | — | — |
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.
2 affected packages
golang-code.gitea-git, golang-code.gitea-sdk
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-code.gitea-git | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-code.gitea-sdk | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |