Search CVE reports
131 – 140 of 43937 results
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 22.04 LTS |
|---|---|
| dotnet6 | Vulnerable |
| dotnet7 | Ignored |
| dotnet8 | Vulnerable |
| dotnet9 | Not in release |
| dotnet10 | Not in release |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns...
1 affected package
symfony
| Package | 22.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to...
1 affected package
symfony
| Package | 22.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which...
1 affected package
symfony
| Package | 22.04 LTS |
|---|---|
| symfony | Needs evaluation |
### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is documented as validating the address and throwing on invalid input,...
1 affected package
symfony
| Package | 22.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs...
1 affected package
symfony
| Package | 22.04 LTS |
|---|---|
| symfony | Needs evaluation |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw...
1 affected package
symfony
| Package | 22.04 LTS |
|---|---|
| symfony | Needs evaluation |
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on...
1 affected package
libmojolicious-perl
| Package | 22.04 LTS |
|---|---|
| libmojolicious-perl | Needs evaluation |
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...
1 affected package
jackson-databind
| Package | 22.04 LTS |
|---|---|
| jackson-databind | Needs evaluation |
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only...
1 affected package
pyasn1
| Package | 22.04 LTS |
|---|---|
| pyasn1 | Needs evaluation |