Search CVE reports
2491 – 2500 of 35263 results
Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Some fixes available 15 of 17
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...
23 affected packages
rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...
| Package | 24.04 LTS |
|---|---|
| rust-tar | Fixed |
| rustc | Fixed |
| rustc-1.62 | Not in release |
| rustc-1.74 | Fixed |
| rustc-1.76 | Fixed |
| rustc-1.77 | Fixed |
| rustc-1.78 | Fixed |
| rustc-1.79 | Fixed |
| rustc-1.80 | Fixed |
| rustc-1.81 | Fixed |
| rustc-1.82 | Fixed |
| rustc-1.83 | Fixed |
| rustc-1.84 | Fixed |
| rustc-1.85 | Fixed |
| rustc-1.88 | Not in release |
| rustc-1.89 | Fixed |
| rustc-1.91 | Fixed |
| rustc-1.92 | Not in release |
| rustc-1.93 | Not in release |
| cargo | Not in release |
| rust-cargo-c | Needs evaluation |
| rust-async-tar | Needs evaluation |
| rust-astral-tokio-tar | Not in release |
tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518,...
1 affected package
rust-tar
| Package | 24.04 LTS |
|---|---|
| rust-tar | Needs evaluation |
Not in release
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time...
1 affected package
rust-libp2p-identity
| Package | 24.04 LTS |
|---|---|
| rust-libp2p-identity | Not in release |
phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 24.04 LTS |
|---|---|
| php-phpseclib | Needs evaluation |
| php-phpseclib3 | Needs evaluation |
| phpseclib | Needs evaluation |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the...
3 affected packages
collada2gltf, pandas, ujson
| Package | 24.04 LTS |
|---|---|
| collada2gltf | Not in release |
| pandas | Not affected |
| ujson | Fixed |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1])...
3 affected packages
collada2gltf, pandas, ujson
| Package | 24.04 LTS |
|---|---|
| collada2gltf | Not in release |
| pandas | Not affected |
| ujson | Fixed |
Not in release
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping (rather than rejection) of...
1 affected package
rust-astral-tokio-tar
| Package | 24.04 LTS |
|---|---|
| rust-astral-tokio-tar | Not in release |