Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-50651 | Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50526 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50524 | Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-47302 | Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50648 | Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50527 | Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-47304 | Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50525 | Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50528 | Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-50659 | Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-47300 | Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-47303 | Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-57108 | Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-9539 | An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hyp | libslirp libslirp libslirp |
| CVE | CVE-2026-45409 | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unico | python-idna python-idna python-idna |
| CVE | CVE-2026-58472 | GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c | wget wget wget wget wget wget |
| CVE | CVE-2026-58471 | GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that | wget wget wget wget wget wget |
| CVE | CVE-2026-58470 | GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c | wget wget wget wget wget wget |
| CVE | CVE-2026-58469 | GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/m | wget wget wget wget wget wget |
| CVE | CVE-2026-12969 | An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is call | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
About
-
Send Feedback to @ubuntu_updates