Search CVE reports
71 – 80 of 28513 results
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet10, dotnet6, dotnet7, dotnet8, dotnet9
| Package | 26.04 LTS |
|---|---|
| dotnet10 | Vulnerable |
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
5 affected packages
dotnet10, dotnet6, dotnet7, dotnet8, dotnet9
| Package | 26.04 LTS |
|---|---|
| dotnet10 | Vulnerable |
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
5 affected packages
dotnet10, dotnet6, dotnet7, dotnet8, dotnet9
| Package | 26.04 LTS |
|---|---|
| dotnet10 | Not affected |
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
Some fixes available 1 of 2
Heap Use-After-Free in OpenSSL PKCS7_verify()
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS |
|---|---|
| edk2 | Needs evaluation |
| nodejs | Not affected |
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |
Some fixes available 1 of 2
Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS |
|---|---|
| edk2 | Needs evaluation |
| nodejs | Not affected |
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |
Some fixes available 1 of 2
AES-OCB IV Ignored on EVP_Cipher() Path
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS |
|---|---|
| edk2 | Needs evaluation |
| nodejs | Not affected |
| openssl | Fixed |
| openssl-fips | Not in release |
| openssl1.0 | Not in release |
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which...
1 affected package
apache2
| Package | 26.04 LTS |
|---|---|
| apache2 | Needs evaluation |
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users...
1 affected package
apache2
| Package | 26.04 LTS |
|---|---|
| apache2 | Needs evaluation |
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version...
1 affected package
apache2
| Package | 26.04 LTS |
|---|---|
| apache2 | Needs evaluation |
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through...
1 affected package
apache2
| Package | 26.04 LTS |
|---|---|
| apache2 | Needs evaluation |