Search CVE reports
2681 – 2690 of 26567 results
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and...
1 affected package
node-webfont
| Package | 26.04 LTS |
|---|---|
| node-webfont | Needs evaluation |
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored,...
1 affected package
golang-github-tillitis-tkeyclient
| Package | 26.04 LTS |
|---|---|
| golang-github-tillitis-tkeyclient | Needs evaluation |
Not in release
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's...
1 affected package
pjproject
| Package | 26.04 LTS |
|---|---|
| pjproject | Not in release |
Not in release
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between...
1 affected package
pjproject
| Package | 26.04 LTS |
|---|---|
| pjproject | Not in release |
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the...
1 affected package
pydicom
| Package | 26.04 LTS |
|---|---|
| pydicom | Needs evaluation |
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from...
1 affected package
rust-lz4-flex
| Package | 26.04 LTS |
|---|---|
| rust-lz4-flex | Needs evaluation |
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This...
1 affected package
libspring-java
| Package | 26.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25,...
1 affected package
libspring-java
| Package | 26.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
[Unknown description]
1 affected package
qemu
| Package | 26.04 LTS |
|---|---|
| qemu | Vulnerable |
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 26.04 LTS |
|---|---|
| rust-tar | Not affected |
| rustc | Not in release |
| rustc-1.62 | Not in release |
| rustc-1.74 | Not in release |
| rustc-1.76 | Not in release |
| rustc-1.77 | Not in release |
| rustc-1.78 | Not in release |
| rustc-1.79 | Not in release |
| rustc-1.80 | Not in release |
| rustc-1.81 | Not in release |
| rustc-1.82 | Not in release |
| rustc-1.83 | Not in release |
| rustc-1.84 | Not in release |
| rustc-1.85 | Not in release |
| rustc-1.88 | Not in release |
| rustc-1.89 | Not in release |
| rustc-1.91 | Not affected |
| rustc-1.92 | Not affected |
| rustc-1.93 | Not affected |
| cargo | Not in release |
| rust-cargo-c | Not affected |
| rust-async-tar | Not in release |
| rust-astral-tokio-tar | Needs evaluation |