Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.0 views

CVE-2026-31883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...

9.8CVSS5.9AI score0.00317EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS5.9AI score0.00528EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.8AI score0.00363EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.2 views

CVE-2026-31897

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...

9.1CVSS5.9AI score0.00285EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.9AI score0.00644EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-31885

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...

9.4CVSS5.9AI score0.00263EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.4 views

CVE-2026-29776

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

3.1CVSS5.9AI score0.00175EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.5 views

CVE-2026-29774

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

8.2CVSS6.1AI score0.00323EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

7.5CVSS5.9AI score0.00303EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.5 views

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.9AI score0.00269EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.4 views

CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...

9.8CVSS6AI score0.00656EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.8 views

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5CVSS5.9AI score0.00435EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/13 12:0 a.m.4 views

CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/12 9:16 p.m.3 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS7.1AI score0.00874EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 9:16 p.m.3 views

CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 9:16 p.m.3 views

CVE-2026-1527

ImpactWhen an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences \r\n to: Inject arbitrary HTTP headers Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services Redis, Memcached, Elasticsearch The...

4.6CVSS6AI score0.00256EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 9:16 p.m.4 views

CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS7.1AI score0.00488EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 9:16 p.m.5 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS7.1AI score0.0115EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.6 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS6AI score0.00572EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.7 views

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

5.5CVSS5.9AI score0.00133EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.7 views

CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.5CVSS5.9AI score0.00207EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.2 views

CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS5.9AI score0.00493EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.9 views

CVE-2026-32259

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...

6.7CVSS6AI score0.00096EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.10 views

CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.5CVSS5.9AI score0.00207EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/12 7:16 p.m.3 views

CVE-2025-70873

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...

7.5CVSS5.9AI score0.00301EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/12 6:16 p.m.7 views

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

7.5CVSS7.2AI score0.00777EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/12 6:16 p.m.3 views

CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

8.2CVSS5.8AI score0.0035EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 6:16 p.m.2 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS5.9AI score0.00164EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 6:0 p.m.4 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

6.9CVSS7AI score0.0218EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/12 5:16 p.m.5 views

CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

7.8CVSS5.9AI score0.00177EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/12 5:16 p.m.2 views

CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/12 2:16 p.m.2 views

CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...

7.3CVSS7.2AI score0.00355EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/12 9:15 a.m.4 views

CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

5.3CVSS5.9AI score0.00127EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/03/12 9:15 a.m.3 views

CVE-2026-4016

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svginprocess of the file src/filters/loadsvg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has...

5.3CVSS5.5AI score0.00115EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/12 2:15 a.m.3 views

CVE-2026-1182

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 1:15 a.m.3 views

CVE-2023-43010

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS6.8AI score0.00885EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/12 12:0 a.m.1 views

CVE-2026-3994

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X8664::initializesections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...

5.3CVSS6AI score0.00127EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 12:0 a.m.3 views

CVE-2026-3979

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function jsiteratorconcatreturn of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name:...

5.3CVSS5.7AI score0.00112EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 12:0 a.m.4 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS7.2AI score0.00475EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/12 12:0 a.m.3 views

CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

9.4CVSS5.9AI score0.00502EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/11 11:16 p.m.2 views

CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS6AI score0.00485EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/11 8:16 p.m.4 views

CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

8.7CVSS5.9AI score0.00375EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/11 8:16 p.m.3 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/11 8:16 p.m.2 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

4.8CVSS5.4AI score0.00117EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/11 7:16 p.m.3 views

CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

4.8CVSS5.4AI score0.00117EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/11 6:16 p.m.3 views

CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

7.5CVSS5.8AI score0.00453EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/11 6:0 p.m.4 views

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/11 6:0 p.m.2 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS5.9AI score0.00302EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/11 6:0 p.m.4 views

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3CVSS7.2AI score0.00333EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/11 6:0 p.m.3 views

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.9AI score0.00715EPSS
Exploits2References3
Total number of security vulnerabilities68528