Search CVE reports

1221 – 1230 of 36525 results

Detailed view

Sort by:

Status is adjusted based on your filters.

CVE-2026-43284

High priority

Vulnerable

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG...

158 affected packages

linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11, linux-hwe-5.13...

Package	24.04 LTS
linux-hwe	Not in release
linux-hwe-5.4	Not in release
linux-hwe-5.8	Not in release
linux-hwe-5.11	Not in release
linux-hwe-5.13	Not in release
linux-hwe-5.15	Not in release
linux-hwe-5.19	Not in release
linux-hwe-6.2	Not in release
linux-hwe-6.5	Not in release
linux-hwe-6.8	Not in release
linux-hwe-6.11	Ignored
linux-hwe-6.14	Ignored
linux-hwe-6.17	Vulnerable
linux-hwe-edge	Not in release
linux-lts-xenial	Not in release
linux-kvm	Not in release
linux-allwinner-5.19	Not in release
linux-aws-5.0	Not in release
linux-aws-5.3	Not in release
linux-aws-5.4	Not in release
linux-aws-5.8	Not in release
linux-aws-5.11	Not in release
linux-aws-5.13	Not in release
linux-aws-5.15	Not in release
linux-aws-5.19	Not in release
linux-aws-6.2	Not in release
linux-aws-6.5	Not in release
linux-aws-6.8	Not in release
linux-aws-6.14	Ignored
linux-aws-6.17	Vulnerable
linux-aws-hwe	Not in release
linux-azure-4.15	Not in release
linux-azure-5.3	Not in release
linux-azure-5.4	Not in release
linux-azure-5.8	Not in release
linux-azure-5.11	Not in release
linux-azure-5.13	Not in release
linux-azure-5.15	Not in release
linux-azure-5.19	Not in release
linux-azure-6.2	Not in release
linux-azure-6.5	Not in release
linux-azure-6.8	Not in release
linux-azure-6.11	Ignored
linux-azure-6.14	Vulnerable
linux-azure-6.17	Vulnerable
linux-azure-fde-5.15	Not in release
linux-azure-fde-5.19	Not in release
linux-azure-fde-6.2	Not in release
linux-azure-fde-6.8	Not in release
linux-azure-fde-6.14	Vulnerable
linux-azure-fde-6.17	Vulnerable
linux-azure-nvidia	Vulnerable
linux-azure-nvidia-6.14	Vulnerable
linux-bluefield	Not in release
linux-azure-edge	Not in release
linux-fips	Vulnerable
linux-aws-fips	Vulnerable
linux-azure-fips	Vulnerable
linux-gcp-fips	Vulnerable
linux-gcp-4.15	Not in release
linux-gcp-5.3	Not in release
linux-gcp-5.4	Not in release
linux-gcp-5.8	Not in release
linux-gcp-5.11	Not in release
linux-gcp-5.13	Not in release
linux-gcp-5.15	Not in release
linux-gcp-5.19	Not in release
linux-gcp-6.2	Not in release
linux-gcp-6.5	Not in release
linux-gcp-6.8	Not in release
linux-gcp-6.11	Ignored
linux-gcp-6.14	Ignored
linux-gcp-6.17	Vulnerable
linux-gke	Vulnerable
linux-gke-4.15	Not in release
linux-gke-5.4	Not in release
linux-gke-5.15	Not in release
linux-gkeop	Vulnerable
linux-gkeop-5.4	Not in release
linux-gkeop-5.15	Not in release
linux-ibm	Vulnerable
linux-ibm-5.4	Not in release
linux-ibm-5.15	Not in release
linux-ibm-6.8	Not in release
linux-intel-5.13	Not in release
linux-intel-iotg	Not in release
linux-intel-iotg-5.15	Not in release
linux-iot	Not in release
linux-intel-iot-realtime	Not in release
linux-lowlatency	Vulnerable
linux-lowlatency-hwe-5.15	Not in release
linux-lowlatency-hwe-5.19	Not in release
linux-lowlatency-hwe-6.2	Not in release
linux-lowlatency-hwe-6.5	Not in release
linux-lowlatency-hwe-6.8	Not in release
linux-lowlatency-hwe-6.11	Ignored
linux-nvidia	Vulnerable
linux-nvidia-6.2	Not in release
linux-nvidia-6.5	Not in release
linux-nvidia-6.8	Not in release
linux-nvidia-6.11	Ignored
linux-nvidia-lowlatency	Vulnerable
linux-nvidia-tegra	Vulnerable
linux-nvidia-tegra-5.15	Not in release
linux-nvidia-tegra-igx	Not in release
linux-oracle-5.0	Not in release
linux-oracle-5.3	Not in release
linux-oracle-5.4	Not in release
linux-oracle-5.8	Not in release
linux-oracle-5.11	Not in release
linux-oracle-5.13	Not in release
linux-oracle-5.15	Not in release
linux-oracle-6.5	Not in release
linux-oracle-6.8	Not in release
linux-oracle-6.14	Ignored
linux-oracle-6.17	Vulnerable
linux-oem	Not in release
linux-oem-5.6	Not in release
linux-oem-5.10	Not in release
linux-oem-5.13	Not in release
linux-oem-5.14	Not in release
linux-oem-5.17	Not in release
linux-oem-6.0	Not in release
linux-oem-6.1	Not in release
linux-oem-6.5	Not in release
linux-oem-6.8	Ignored
linux-oem-6.11	Ignored
linux-oem-6.14	Ignored
linux-oem-6.17	Vulnerable
linux-raspi2	Not in release
linux-raspi-5.4	Not in release
linux-raspi-realtime	Vulnerable
linux-realtime-6.8	Not in release
linux-realtime-6.14	Ignored
linux-riscv	Ignored
linux-riscv-5.8	Not in release
linux-riscv-5.11	Not in release
linux-riscv-5.15	Not in release
linux-riscv-5.19	Not in release
linux-riscv-6.5	Not in release
linux-riscv-6.8	Not in release
linux-riscv-6.14	Ignored
linux-riscv-6.17	Vulnerable
linux-starfive-5.19	Not in release
linux-starfive-6.2	Not in release
linux-starfive-6.5	Not in release
linux-xilinx	Vulnerable
linux-xilinx-zynqmp	Not in release
linux-realtime-6.17	Vulnerable
linux-azure	Vulnerable
linux-azure-fde	Vulnerable
linux-gcp	Vulnerable
linux-oracle	Vulnerable
linux-raspi	Vulnerable
linux-realtime	Vulnerable
linux	Vulnerable
linux-aws	Vulnerable
linux-nvidia-6.17	Vulnerable

CVE-2026-40214

Medium priority

Not in release

In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project...

1 affected package

cyborg

Package	24.04 LTS
cyborg	Not in release

CVE-2026-40213

Medium priority

Not in release

OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership,...

1 affected package

cyborg

Package	24.04 LTS
cyborg	Not in release

CVE-2026-8088

Medium priority

Needs evaluation

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to...

1 affected package

gdal

Package	24.04 LTS
gdal	Needs evaluation

CVE-2026-8087

Medium priority

Needs evaluation

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer...

1 affected package

gdal

Package	24.04 LTS
gdal	Needs evaluation

CVE-2026-42501

Medium priority

Needs evaluation

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Not in release

CVE-2026-42499

Medium priority

Needs evaluation

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Not in release

CVE-2026-42225

Medium priority

Needs evaluation

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even...

2 affected packages

asterisk, pjproject

Package	24.04 LTS
asterisk	Needs evaluation
pjproject	Not in release

CVE-2026-39836

Medium priority

Not affected

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

16 affected packages

golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...

Package	24.04 LTS
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not affected
golang-1.22	Not affected
golang-1.23	Not affected
golang-1.24	Not affected
golang-1.25	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang	Not in release

CVE-2026-39826

Medium priority

Needs evaluation

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Not in release

Export to JSON

Results by page: