Search CVE reports


Toggle filters

31 – 40 of 51519 results

Status is adjusted based on your filters.


CVE-2026-10037

Medium priority
Not affected

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or...

12 affected packages

mailcap, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...

Package 16.04 LTS
mailcap
openjdk-8 Not affected
openjdk-9
openjdk-lts
openjdk-13
openjdk-16
openjdk-17
openjdk-17-crac
openjdk-18
openjdk-21
openjdk-21-crac
openjdk-25
Show all 12 packages Show less packages

CVE-2026-60002

Medium priority
Needs evaluation

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-60001

Medium priority
Needs evaluation

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-60000

Medium priority
Needs evaluation

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-59999

Medium priority
Needs evaluation

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-59998

Medium priority
Needs evaluation

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-59997

Medium priority
Needs evaluation

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-59996

Medium priority
Needs evaluation

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-59995

Medium priority
Needs evaluation

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

2 affected packages

openssh, openssh-ssh1

Package 16.04 LTS
openssh Needs evaluation
openssh-ssh1
Show less packages

CVE-2026-50811

Medium priority
Needs evaluation

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates

1 affected package

freetype

Package 16.04 LTS
freetype Needs evaluation
Show less packages