Search CVE reports



1 – 10 of 58210 results


CVE-2025-5994

Medium priority
Needs evaluation

A multi-vendor cache poisoning vulnerability named ‘Rebirthday Attack’ has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support,...

1 affected package

unbound

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| unbound | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2025-53840

Medium priority
Not affected

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views are allowed to see hosts and services that they weren’t meant...

1 affected package

icingadb-web

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
icingadb-web Not affected Not in release

CVE-2025-40924

Medium priority
Needs evaluation

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and...

1 affected package

libcatalyst-plugin-session-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| libcatalyst-plugin-session-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2025-40923

Medium priority
Needs evaluation

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come...

1 affected package

libplack-middleware-session-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| libplack-middleware-session-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2025-40918

Medium priority
Needs evaluation

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will...

1 affected package

libauthen-sasl-perl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| libauthen-sasl-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2025-40776

Medium priority
Needs evaluation

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1,...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
bind9 Not affected Not affected Not affected Not affected
bind9-libs Not in release Needs evaluation Needs evaluation
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation

CVE-2025-34104

Medium priority
Not affected

An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and...

1 affected package

matomo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
matomo Not in release Not in release

CVE-2025-27465

Medium priority
Needs evaluation

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled...

1 affected package

xen

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| xen | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2025-40777

Medium priority

Some fixes available 1 of 6

Possible assertion failure when using the ‘stale-answer-client-timeout 0’ option

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
bind9 Not affected Not affected Not affected Not affected
bind9-libs Not in release Needs evaluation Needs evaluation
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation

CVE-2025-27210

Medium priority
Not affected

[Unknown description]

1 affected package

nodejs

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| nodejs | Not affected | Not affected | Not affected | Not affected |