Search CVE reports
1 – 10 of 32735 results
CVE-2025-0577
Medium priority[Unknown description]
2 affected packages
eglibc, glibc
| Package | 18.04 LTS |
|---|---|
| eglibc | — |
| glibc | Needs evaluation |
CVE-2024-40675
Medium priorityIn parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
1 affected package
android-platform-frameworks-base
| Package | 18.04 LTS |
|---|---|
| android-platform-frameworks-base | Ignored |
CVE-2024-40673
Medium priorityIn Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional...
1 affected package
android-platform-libcore
| Package | 18.04 LTS |
|---|---|
| android-platform-libcore | Needs evaluation |
CVE-2025-0781
Medium priorityAn attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
2 affected packages
flightgear, simgear
| Package | 18.04 LTS |
|---|---|
| flightgear | Needs evaluation |
| simgear | Needs evaluation |
CVE-2025-23084
Medium priorityA vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js...
1 affected package
nodejs
| Package | 18.04 LTS |
|---|---|
| nodejs | Needs evaluation |
CVE-2024-45341
Medium priorityA certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only...
18 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
| golang-go.crypto | Needs evaluation |
| lxd | Needs evaluation |
| snapd | Needs evaluation |
CVE-2024-45336
Medium priorityThe HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event...
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Needs evaluation |
| golang-1.17 | Not in release |
| golang-1.18 | Needs evaluation |
| golang-1.19 | Not in release |
| golang-1.20 | Not in release |
| golang-1.21 | Not in release |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.6 | Not in release |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
CVE-2025-22865
Medium priorityUsing ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
15 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
CVE-2024-53869
Medium priorityNVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure.
34 affected packages
nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352...
| Package | 18.04 LTS |
|---|---|
| nvidia-graphics-drivers-304 | — |
| nvidia-graphics-drivers-304-updates | — |
| nvidia-graphics-drivers-340 | Ignored |
| nvidia-graphics-drivers-340-updates | Not affected |
| nvidia-graphics-drivers-352 | Not affected |
| nvidia-graphics-drivers-352-updates | Not affected |
| nvidia-graphics-drivers-361 | Not affected |
| nvidia-graphics-drivers-367 | Not affected |
| nvidia-graphics-drivers-375 | Not affected |
| nvidia-graphics-drivers-384 | Not affected |
| nvidia-graphics-drivers-390 | Ignored |
| nvidia-graphics-drivers-418-server | Ignored |
| nvidia-graphics-drivers-430 | Ignored |
| nvidia-graphics-drivers-435 | Ignored |
| nvidia-graphics-drivers-440 | Ignored |
| nvidia-graphics-drivers-440-server | Ignored |
| nvidia-graphics-drivers-450 | Ignored |
| nvidia-graphics-drivers-450-server | Ignored |
| nvidia-graphics-drivers-455 | Ignored |
| nvidia-graphics-drivers-460 | Ignored |
| nvidia-graphics-drivers-460-server | Ignored |
| nvidia-graphics-drivers-470 | Ignored |
| nvidia-graphics-drivers-470-server | Ignored |
| nvidia-graphics-drivers-495 | Not affected |
| nvidia-graphics-drivers-510 | Ignored |
| nvidia-graphics-drivers-510-server | Not affected |
| nvidia-graphics-drivers-515 | Ignored |
| nvidia-graphics-drivers-515-server | Ignored |
| nvidia-graphics-drivers-520 | Ignored |
| nvidia-graphics-drivers-525 | Not affected |
| nvidia-graphics-drivers-525-server | Not affected |
| nvidia-graphics-drivers-530 | Ignored |
| nvidia-graphics-drivers-535 | — |
| nvidia-graphics-drivers-535-server | — |
CVE-2024-45340
Medium priorityCredentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected...
15 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |