Search CVE reports

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type...

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead...

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim’s...

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations...

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could...

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to...

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the...

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the...