UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-50651 Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50526 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50524 Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-47302 Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50648 Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50527 Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-47304 Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50525 Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50528 Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-50659 Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-47300 Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-47303 Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-57108 Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8
CVE CVE-2026-9539 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hyp libslirp libslirp libslirp
CVE CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unico python-idna python-idna python-idna
CVE CVE-2026-58472 GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c wget wget wget wget wget wget
CVE CVE-2026-58471 GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that wget wget wget wget wget wget
CVE CVE-2026-58470 GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c wget wget wget wget wget wget
CVE CVE-2026-58469 GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/m wget wget wget wget wget wget
CVE CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is call dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq



About   -   Send Feedback to @ubuntu_updates