Search CVE reports
2301 – 2310 of 26183 results
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from...
1 affected package
rust-lz4-flex
| Package | 26.04 LTS |
|---|---|
| rust-lz4-flex | Needs evaluation |
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This...
1 affected package
libspring-java
| Package | 26.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25,...
1 affected package
libspring-java
| Package | 26.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
[Unknown description]
1 affected package
qemu
| Package | 26.04 LTS |
|---|---|
| qemu | Vulnerable |
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 26.04 LTS |
|---|---|
| rust-tar | Not affected |
| rustc | Not in release |
| rustc-1.62 | Not in release |
| rustc-1.74 | Not in release |
| rustc-1.76 | Not in release |
| rustc-1.77 | Not in release |
| rustc-1.78 | Not in release |
| rustc-1.79 | Not in release |
| rustc-1.80 | Not in release |
| rustc-1.81 | Not in release |
| rustc-1.82 | Not in release |
| rustc-1.83 | Not in release |
| rustc-1.84 | Not in release |
| rustc-1.85 | Not in release |
| rustc-1.88 | Not in release |
| rustc-1.89 | Not in release |
| rustc-1.91 | Not affected |
| rustc-1.92 | Not affected |
| rustc-1.93 | Not affected |
| cargo | Not in release |
| rust-cargo-c | Not affected |
| rust-async-tar | Not in release |
| rust-astral-tokio-tar | Needs evaluation |
tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518,...
1 affected package
rust-tar
| Package | 26.04 LTS |
|---|---|
| rust-tar | Needs evaluation |
libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time...
1 affected package
rust-libp2p-identity
| Package | 26.04 LTS |
|---|---|
| rust-libp2p-identity | Needs evaluation |
phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode. This issue...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 26.04 LTS |
|---|---|
| php-phpseclib | Needs evaluation |
| php-phpseclib3 | Needs evaluation |
| phpseclib | Needs evaluation |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the...
3 affected packages
collada2gltf, pandas, ujson
| Package | 26.04 LTS |
|---|---|
| collada2gltf | Not in release |
| pandas | Not affected |
| ujson | Fixed |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1])...
3 affected packages
collada2gltf, pandas, ujson
| Package | 26.04 LTS |
|---|---|
| collada2gltf | Not in release |
| pandas | Not affected |
| ujson | Fixed |