Search CVE reports


Toggle filters

401 – 410 of 43971 results

Status is adjusted based on your filters.


CVE-2026-29008

Medium priority
Needs evaluation

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet...

2 affected packages

u-boot, u-boot-nezha

Package 22.04 LTS
u-boot Needs evaluation
u-boot-nezha Needs evaluation
Show less packages

CVE-2026-29007

Medium priority
Needs evaluation

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious...

2 affected packages

u-boot, u-boot-nezha

Package 22.04 LTS
u-boot Needs evaluation
u-boot-nezha Needs evaluation
Show less packages

CVE-2026-59880

Medium priority
Needs evaluation

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly,...

1 affected package

node-immutable

Package 22.04 LTS
node-immutable Needs evaluation
Show less packages

CVE-2026-59875

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open...

1 affected package

node-tar

Package 22.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59874

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while...

1 affected package

node-tar

Package 22.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59873

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as...

1 affected package

node-tar

Package 22.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59871

Medium priority
Needs evaluation

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such...

1 affected package

node-tar

Package 22.04 LTS
node-tar Needs evaluation
Show less packages

CVE-2026-59870

Medium priority
Needs evaluation

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion,...

1 affected package

node-js-yaml

Package 22.04 LTS
node-js-yaml Needs evaluation
Show less packages

CVE-2026-59869

Medium priority
Needs evaluation

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...

1 affected package

node-js-yaml

Package 22.04 LTS
node-js-yaml Needs evaluation
Show less packages

CVE-2026-59868

Medium priority
Needs evaluation

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...

1 affected package

node-js-yaml

Package 22.04 LTS
node-js-yaml Needs evaluation
Show less packages