English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

USN-7958-1 Unknown

USN-7958-1: AngularJS vulnerabilities

Canonical (Ubuntu) Released: January 14, 2026 Updated: January 15, 2026 Restart Required
Official Page

Description

It was discovered that AngularJS did not properly sanitize certain `xlink:href` attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-14863) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2022-25844) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. (CVE-2023-26116, CVE-2023-26117) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. (CVE-2025-0716)

Fixed Vulnerabilities 10

CVE-2022-25844 N/A 0.0 ⚠️ KEV fixed
May 01, 2022

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to…

CVE-2024-21490 N/A 0.0 ⚠️ KEV fixed
Feb 10, 2024

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear…

CVE-2023-26118 N/A 0.0 ⚠️ KEV fixed
Mar 30, 2023

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an…

CVE-2023-26117 N/A 0.0 ⚠️ KEV fixed
Mar 30, 2023

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of…

CVE-2023-26116 N/A 0.0 ⚠️ KEV fixed
Mar 30, 2023

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage…

CVE-2019-14863 N/A 0.0 ⚠️ KEV fixed
Jan 02, 2020

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to…

CVE-2025-2336 N/A 0.0 ⚠️ KEV fixed
Jun 04, 2025

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions.…

CVE-2025-0716 N/A 0.0 ⚠️ KEV fixed
Apr 29, 2025

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions.…

CVE-2024-8372 N/A 0.0 ⚠️ KEV fixed
Sep 09, 2024

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a…

CVE-2024-8373 N/A 0.0 ⚠️ KEV fixed
Sep 09, 2024

Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also…

Quick Info

Patch ID: USN-7958-1
Vendor: Canonical (Ubuntu)
Severity: Unknown
CVEs Fixed: 10
Restart: Required

Vendor

Canonical (Ubuntu)

Additional Info

action:
usn id: USN-7958-1
summary: Several security issues were fixed in AngularJS.
usn number: 7958-1
instructions: In general, a standard system update will make all the necessary changes.

Share