Search CVE reports

471 – 480 of 48900 results

Detailed view

Sort by:

Status is adjusted based on your filters.

CVE-2026-32282

Medium priority

Needs evaluation

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	16.04 LTS
golang	—
golang-1.6	Needs evaluation
golang-1.8	—
golang-1.9	—
golang-1.10	Needs evaluation
golang-1.13	Needs evaluation
golang-1.14	—
golang-1.16	—
golang-1.17	—
golang-1.18	Needs evaluation
golang-1.20	—
golang-1.21	—
golang-1.22	—
golang-1.23	—
golang-1.24	—
golang-1.25	—

CVE-2026-32281

Medium priority

Needs evaluation

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	16.04 LTS
golang	—
golang-1.6	Needs evaluation
golang-1.8	—
golang-1.9	—
golang-1.10	Needs evaluation
golang-1.13	Needs evaluation
golang-1.14	—
golang-1.16	—
golang-1.17	—
golang-1.18	Needs evaluation
golang-1.20	—
golang-1.21	—
golang-1.22	—
golang-1.23	—
golang-1.24	—
golang-1.25	—

CVE-2026-32280

Medium priority

Needs evaluation

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	16.04 LTS
golang	—
golang-1.6	Needs evaluation
golang-1.8	—
golang-1.9	—
golang-1.10	Needs evaluation
golang-1.13	Needs evaluation
golang-1.14	—
golang-1.16	—
golang-1.17	—
golang-1.18	Needs evaluation
golang-1.20	—
golang-1.21	—
golang-1.22	—
golang-1.23	—
golang-1.24	—
golang-1.25	—

CVE-2026-27144

Medium priority

Needs evaluation

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	16.04 LTS
golang	—
golang-1.6	Needs evaluation
golang-1.8	—
golang-1.9	—
golang-1.10	Needs evaluation
golang-1.13	Needs evaluation
golang-1.14	—
golang-1.16	—
golang-1.17	—
golang-1.18	Needs evaluation
golang-1.20	—
golang-1.21	—
golang-1.22	—
golang-1.23	—
golang-1.24	—
golang-1.25	—

CVE-2026-27143

Medium priority

Needs evaluation

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	16.04 LTS
golang	—
golang-1.6	Needs evaluation
golang-1.8	—
golang-1.9	—
golang-1.10	Needs evaluation
golang-1.13	Needs evaluation
golang-1.14	—
golang-1.16	—
golang-1.17	—
golang-1.18	Needs evaluation
golang-1.20	—
golang-1.21	—
golang-1.22	—
golang-1.23	—
golang-1.24	—
golang-1.25	—

CVE-2026-27140

Medium priority

Needs evaluation

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	16.04 LTS
golang	—
golang-1.6	Needs evaluation
golang-1.8	—
golang-1.9	—
golang-1.10	Needs evaluation
golang-1.13	Needs evaluation
golang-1.14	—
golang-1.16	—
golang-1.17	—
golang-1.18	Needs evaluation
golang-1.20	—
golang-1.21	—
golang-1.22	—
golang-1.23	—
golang-1.24	—
golang-1.25	—

CVE-2026-39881

Medium priority

Vulnerable

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via...

1 affected package

vim

Package	16.04 LTS
vim	Vulnerable

CVE-2026-31411

Medium priority

Vulnerable

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the...

157 affected packages

linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...

Package	16.04 LTS
linux	Vulnerable
linux-hwe	Vulnerable
linux-hwe-5.4	Not in release
linux-hwe-5.8	Not in release
linux-hwe-5.11	Not in release
linux-hwe-5.13	Not in release
linux-hwe-5.15	Not in release
linux-hwe-5.19	Not in release
linux-hwe-6.2	Not in release
linux-hwe-6.5	Not in release
linux-hwe-6.8	Not in release
linux-hwe-6.11	Not in release
linux-hwe-6.14	Not in release
linux-hwe-6.17	Not in release
linux-hwe-edge	Ignored
linux-lts-xenial	Not in release
linux-kvm	Vulnerable
linux-allwinner-5.19	Not in release
linux-aws	Vulnerable
linux-aws-5.0	Not in release
linux-aws-5.3	Not in release
linux-aws-5.4	Not in release
linux-aws-5.8	Not in release
linux-aws-5.11	Not in release
linux-aws-5.13	Not in release
linux-aws-5.15	Not in release
linux-aws-5.19	Not in release
linux-aws-6.2	Not in release
linux-aws-6.5	Not in release
linux-aws-6.8	Not in release
linux-aws-6.14	Not in release
linux-aws-6.17	Not in release
linux-aws-hwe	Vulnerable
linux-azure	Vulnerable
linux-azure-4.15	Not in release
linux-azure-5.3	Not in release
linux-azure-5.4	Not in release
linux-azure-5.8	Not in release
linux-azure-5.11	Not in release
linux-azure-5.13	Not in release
linux-azure-5.15	Not in release
linux-azure-5.19	Not in release
linux-azure-6.2	Not in release
linux-azure-6.5	Not in release
linux-azure-6.8	Not in release
linux-azure-6.11	Not in release
linux-azure-6.14	Not in release
linux-azure-6.17	Not in release
linux-azure-fde	Not in release
linux-azure-fde-5.15	Not in release
linux-azure-fde-5.19	Not in release
linux-azure-fde-6.2	Not in release
linux-azure-fde-6.8	Not in release
linux-azure-fde-6.14	Not in release
linux-azure-fde-6.17	Not in release
linux-azure-nvidia	Not in release
linux-azure-nvidia-6.14	Not in release
linux-bluefield	Not in release
linux-azure-edge	Not in release
linux-fips	Vulnerable
linux-aws-fips	Not in release
linux-azure-fips	Not in release
linux-gcp-fips	Not in release
linux-gcp	Vulnerable
linux-gcp-4.15	Not in release
linux-gcp-5.3	Not in release
linux-gcp-5.4	Not in release
linux-gcp-5.8	Not in release
linux-gcp-5.11	Not in release
linux-gcp-5.13	Not in release
linux-gcp-5.15	Not in release
linux-gcp-5.19	Not in release
linux-gcp-6.2	Not in release
linux-gcp-6.5	Not in release
linux-gcp-6.8	Not in release
linux-gcp-6.11	Not in release
linux-gcp-6.14	Not in release
linux-gcp-6.17	Not in release
linux-gke	Ignored
linux-gke-4.15	Not in release
linux-gke-5.4	Not in release
linux-gke-5.15	Not in release
linux-gkeop	Not in release
linux-gkeop-5.4	Not in release
linux-gkeop-5.15	Not in release
linux-ibm	Not in release
linux-ibm-5.4	Not in release
linux-ibm-5.15	Not in release
linux-ibm-6.8	Not in release
linux-intel-5.13	Not in release
linux-intel-iotg	Not in release
linux-intel-iotg-5.15	Not in release
linux-iot	Not in release
linux-intel-iot-realtime	Not in release
linux-lowlatency	Not in release
linux-lowlatency-hwe-5.15	Not in release
linux-lowlatency-hwe-5.19	Not in release
linux-lowlatency-hwe-6.2	Not in release
linux-lowlatency-hwe-6.5	Not in release
linux-lowlatency-hwe-6.8	Not in release
linux-lowlatency-hwe-6.11	Not in release
linux-nvidia	Not in release
linux-nvidia-6.2	Not in release
linux-nvidia-6.5	Not in release
linux-nvidia-6.8	Not in release
linux-nvidia-6.11	Not in release
linux-nvidia-lowlatency	Not in release
linux-nvidia-tegra	Not in release
linux-nvidia-tegra-5.15	Not in release
linux-nvidia-tegra-igx	Not in release
linux-oracle	Vulnerable
linux-oracle-5.0	Not in release
linux-oracle-5.3	Not in release
linux-oracle-5.4	Not in release
linux-oracle-5.8	Not in release
linux-oracle-5.11	Not in release
linux-oracle-5.13	Not in release
linux-oracle-5.15	Not in release
linux-oracle-6.5	Not in release
linux-oracle-6.8	Not in release
linux-oracle-6.14	Not in release
linux-oracle-6.17	Not in release
linux-oem	Ignored
linux-oem-5.6	Not in release
linux-oem-5.10	Not in release
linux-oem-5.13	Not in release
linux-oem-5.14	Not in release
linux-oem-5.17	Not in release
linux-oem-6.0	Not in release
linux-oem-6.1	Not in release
linux-oem-6.5	Not in release
linux-oem-6.8	Not in release
linux-oem-6.11	Not in release
linux-oem-6.14	Not in release
linux-oem-6.17	Not in release
linux-raspi	Not in release
linux-raspi2	Ignored
linux-raspi-5.4	Not in release
linux-raspi-realtime	Not in release
linux-realtime	Not in release
linux-realtime-6.8	Not in release
linux-realtime-6.14	Not in release
linux-riscv	Not in release
linux-riscv-5.8	Not in release
linux-riscv-5.11	Not in release
linux-riscv-5.15	Not in release
linux-riscv-5.19	Not in release
linux-riscv-6.5	Not in release
linux-riscv-6.8	Not in release
linux-riscv-6.14	Not in release
linux-riscv-6.17	Not in release
linux-starfive-5.19	Not in release
linux-starfive-6.2	Not in release
linux-starfive-6.5	Not in release
linux-xilinx	Not in release
linux-xilinx-zynqmp	Not in release
linux-realtime-6.17	Not in release

CVE-2026-39373

Medium priority

Needs evaluation

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for...

1 affected package

python-jwcrypto

Package	16.04 LTS
python-jwcrypto	Needs evaluation

CVE-2026-39324

Medium priority

Not affected

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation...

2 affected packages

ruby-rack, ruby-rack-session

Package	16.04 LTS
ruby-rack	Not affected
ruby-rack-session	—

Export to JSON

Results by page: