Search CVE reports
91 – 100 of 26528 results
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Not in release |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Not in release |
| golang-1.18 | Not in release |
| golang-1.20 | Not in release |
| golang-1.21 | Not in release |
| golang-1.22 | Not in release |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Needs evaluation |
(llama.cpp is an inference of several LLM models in C/C++. Prior to ver ...)
1 affected package
llama.cpp
| Package | 26.04 LTS |
|---|---|
| llama.cpp | Not affected |
(OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
1 affected package
optee-os
| Package | 26.04 LTS |
|---|---|
| optee-os | Needs evaluation |
(Spring MVC and WebFlux applications are vulnerable to cache poisoning ...)
1 affected package
libspring-java
| Package | 26.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
Not in release
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Not in release |
| php8.4 | Not in release |
Not in release
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the...
1 affected package
moodle
| Package | 26.04 LTS |
|---|---|
| moodle | Not in release |
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS |
|---|---|
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Not in release |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Not in release |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | Not in release |
| cableswig | Not in release |
| coin3 | Not affected |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | Not in release |
| smart | Not in release |
| firefox | Not affected |
| thunderbird | Not affected |
| libxmltok | Not in release |
Not in release
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N()Â method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Not in release |
| php8.4 | Not in release |
Not in release
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Not in release |
| php8.4 | Not in release |
Not in release
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Not in release |
| php8.4 | Not in release |