Search CVE reports
Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.
1 affected package
php-mongodb
| Package | 26.04 LTS |
|---|---|
| php-mongodb | Needs evaluation |
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An...
2 affected packages
libyang, libyang2
| Package | 26.04 LTS |
|---|---|
| libyang | Needs evaluation |
| libyang2 | Not in release |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when...
1 affected package
rust-openssl
| Package | 26.04 LTS |
|---|---|
| rust-openssl | Needs evaluation |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref<Target =...
1 affected package
rust-openssl
| Package | 26.04 LTS |
|---|---|
| rust-openssl | Needs evaluation |
Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security...
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium...
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a...
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |