Search CVE reports


Toggle filters

91 – 100 of 42294 results

Status is adjusted based on your filters.


CVE-2026-54371

Medium priority
Needs evaluation

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory...

1 affected package

attr

Package 20.04 LTS
attr Needs evaluation
Show less packages

CVE-2026-54370

Medium priority
Needs evaluation

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat()...

1 affected package

acl

Package 20.04 LTS
acl Needs evaluation
Show less packages

CVE-2026-54369

Medium priority
Needs evaluation

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate...

1 affected package

acl

Package 20.04 LTS
acl Needs evaluation
Show less packages

CVE-2026-13676

Medium priority
Needs evaluation

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host...

1 affected package

node-ajv

Package 20.04 LTS
node-ajv Needs evaluation
Show less packages

CVE-2026-11979

Medium priority
Needs evaluation

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By...

1 affected package

libxml2

Package 20.04 LTS
libxml2 Needs evaluation
Show less packages

CVE-2026-41992

Medium priority
Needs evaluation

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global...

1 affected package

gzip

Package 20.04 LTS
gzip Needs evaluation
Show less packages

CVE-2026-41991

Medium priority
Needs evaluation

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely...

1 affected package

gzip

Package 20.04 LTS
gzip Needs evaluation
Show less packages

CVE-2026-25707

Medium priority
Needs evaluation

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or...

1 affected package

libzypp

Package 20.04 LTS
libzypp Needs evaluation
Show less packages

CVE-2026-13601

Medium priority
Needs evaluation

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an...

1 affected package

yelp

Package 20.04 LTS
yelp Needs evaluation
Show less packages

CVE-2026-57966

Medium priority
Needs evaluation

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by...

1 affected package

spice-vdagent

Package 20.04 LTS
spice-vdagent Needs evaluation
Show less packages