Search CVE reports
231 – 240 of 27850 results
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs...
1 affected package
glib-networking
| Package | 26.04 LTS |
|---|---|
| glib-networking | Vulnerable |
Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...
2 affected packages
chromium-browser, libskia
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
| libskia | Needs evaluation |
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
2 affected packages
chromium-browser, libskia
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
| libskia | Needs evaluation |
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
2 affected packages
chromium-browser, libskia
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
| libskia | Needs evaluation |
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
2 affected packages
chromium-browser, libskia
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
| libskia | Needs evaluation |
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the...
1 affected package
neutron
| Package | 26.04 LTS |
|---|---|
| neutron | Needs evaluation |
Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths...
1 affected package
golang-github-go-git-go-billy
| Package | 26.04 LTS |
|---|---|
| golang-github-go-git-go-billy | Needs evaluation |
Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying...
1 affected package
mpd
| Package | 26.04 LTS |
|---|---|
| mpd | Needs evaluation |
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers...
1 affected package
mpd
| Package | 26.04 LTS |
|---|---|
| mpd | Needs evaluation |
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the...
1 affected package
mpd
| Package | 26.04 LTS |
|---|---|
| mpd | Needs evaluation |