Search CVE reports
391 – 400 of 30612 results
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation (com.mchange.v2.naming.JavaBeanObjectFactory)...
1 affected package
c3p0
| Package | 26.04 LTS |
|---|---|
| c3p0 | Needs evaluation |
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of...
1 affected package
rust-wasmtime
| Package | 26.04 LTS |
|---|---|
| rust-wasmtime | Needs evaluation |
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to...
1 affected package
async-http-client
| Package | 26.04 LTS |
|---|---|
| async-http-client | Needs evaluation |
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been...
2 affected packages
golang-github-pion-dtls-v3, golang-github-pion-dtls.v2
| Package | 26.04 LTS |
|---|---|
| golang-github-pion-dtls-v3 | Needs evaluation |
| golang-github-pion-dtls.v2 | Needs evaluation |
Not in release
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix...
1 affected package
php-horde-imp
| Package | 26.04 LTS |
|---|---|
| php-horde-imp | Not in release |
In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |