Search CVE reports
431 – 440 of 30790 results
Some fixes available 1 of 2
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates
1 affected package
freetype
| Package | 26.04 LTS |
|---|---|
| freetype | Needs evaluation |
Not in release
A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service
1 affected package
gpac
| Package | 26.04 LTS |
|---|---|
| gpac | Not in release |
String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails...
1 affected package
libstring-util-perl
| Package | 26.04 LTS |
|---|---|
| libstring-util-perl | Needs evaluation |
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of...
1 affected package
libdbi-perl
| Package | 26.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million...
1 affected package
libdbi-perl
| Package | 26.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the...
1 affected package
libdbi-perl
| Package | 26.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
Not in release
Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently...
1 affected package
anki
| Package | 26.04 LTS |
|---|---|
| anki | Not in release |
Not in release
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can...
1 affected package
anki
| Package | 26.04 LTS |
|---|---|
| anki | Not in release |
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted...
1 affected package
wget
| Package | 26.04 LTS |
|---|---|
| wget | Fixed |