Search CVE reports
Some fixes available 1 of 2
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS |
|---|---|
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |
| nodejs | Not affected |
| edk2 | Needs evaluation |
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against...
3 affected packages
libsdl2-image, libsdl3-image, sdl-image1.2
| Package | 26.04 LTS |
|---|---|
| libsdl2-image | Needs evaluation |
| libsdl3-image | Needs evaluation |
| sdl-image1.2 | Needs evaluation |
Not in release
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the...
1 affected package
ocsinventory-server
| Package | 26.04 LTS |
|---|---|
| ocsinventory-server | Not in release |
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger...
1 affected package
discount
| Package | 26.04 LTS |
|---|---|
| discount | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis...
1 affected package
docker-registry
| Package | 26.04 LTS |
|---|---|
| docker-registry | Needs evaluation |
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix...
1 affected package
vim
| Package | 26.04 LTS |
|---|---|
| vim | Vulnerable |
Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for...
1 affected package
hugo
| Package | 26.04 LTS |
|---|---|
| hugo | Needs evaluation |
Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to...
3 affected packages
golang-github-go-jose-go-jose, golang-github-go-jose-go-jose.v3, golang-gopkg-square-go-jose.v2
| Package | 26.04 LTS |
|---|---|
| golang-github-go-jose-go-jose | Needs evaluation |
| golang-github-go-jose-go-jose.v3 | Needs evaluation |
| golang-gopkg-square-go-jose.v2 | Needs evaluation |
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction...
1 affected package
tar
| Package | 26.04 LTS |
|---|---|
| tar | Vulnerable |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder...
1 affected package
openexr
| Package | 26.04 LTS |
|---|---|
| openexr | Not affected |