Search CVE reports
71 – 80 of 37797 results
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a...
1 affected package
node-axios
| Package | 22.04 LTS |
|---|---|
| node-axios | Needs evaluation |
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the...
1 affected package
subiquity
| Package | 22.04 LTS |
|---|---|
| subiquity | Not affected |
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as...
1 affected package
subiquity
| Package | 22.04 LTS |
|---|---|
| subiquity | Needs evaluation |
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium...
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security...
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 22.04 LTS |
|---|---|
| chromium-browser | Not affected |