UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-50526 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-50524 Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-47302 Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-50648 Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-50527 Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-47304 Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-50525 Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-50528 Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-50659 Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-47300 Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-47303 Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-57108 Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 dotnet10
CVE CVE-2026-9539 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hyp libslirp libslirp libslirp libslirp libslirp libslirp
CVE CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unico python-idna python-idna python-idna python-idna python-idna python-idna
CVE CVE-2026-58472 GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c wget wget wget wget wget wget
CVE CVE-2026-58471 GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that wget wget wget wget wget wget
CVE CVE-2026-58470 GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c wget wget wget wget wget wget
CVE CVE-2026-58469 GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/m wget wget wget wget wget wget
CVE CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is call dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq
CVE CVE-2026-12725 A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies contain dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq



About   -   Send Feedback to @ubuntu_updates