CVE search results

1 – 10 of 1235 results

Detailed view

Sort by:

CVE-2026-10805

Medium priority

Needs evaluation

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw...

1 affected package

network-manager

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
network-manager	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-10294

Low priority

Needs evaluation

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to...

1 affected package

packagekit

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
packagekit	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-46599

Medium priority

Needs evaluation

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode...

1 affected package

golang-golang-x-image

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-image	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-42500

Medium priority

Needs evaluation

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.

1 affected package

golang-golang-x-image

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-image	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-39824

Medium priority

Needs evaluation

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

2 affected packages

golang-golang-x-sys, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-sys	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-46598

Medium priority

Needs evaluation

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-46597

Medium priority

Needs evaluation

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-46595

Medium priority

Needs evaluation

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-42508

Medium priority

Needs evaluation

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-39835

Medium priority

Needs evaluation

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking...

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports