docs/snyk/v3.3.2/quay.io_argoproj_argocd_v3.3.2.html
high severity
Exploit: Not Defined
Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes ioreg, when the PATH environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by placing a malicious binary earlier in the search path.
Note: This vulnerability is only exploitable on MacOS/Darwin systems.
Upgrade go.opentelemetry.io/otel/sdk/resource to version 1.40.0 or higher.
medium severity
Exploit: Not Defined
This vulnerability has not been analyzed by NVD yet.
There is no fixed version for Ubuntu:25.10 util-linux.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
There is no fixed version for Ubuntu:25.10 tar.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
There is no fixed version for Ubuntu:25.10 pam.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
There is no fixed version for Ubuntu:25.10 gnupg2.
medium severity
MPL-2.0 license
medium severity
MPL-2.0 license
medium severity
MPL-2.0 license
medium severity
MPL-2.0 license
medium severity
MPL-2.0 license
medium severity
MPL-2.0 license
medium severity
Exploit: Not Defined
Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile() function.
This vulnerability can be mitigated by running 'git fsck' from the git CLI to check for data corruption on a given repository.
Upgrade github.com/go-git/go-git/v5/storage/filesystem to version 5.16.5 or higher.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
There is no fixed version for Ubuntu:25.10 git.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
There is no fixed version for Ubuntu:25.10 expat.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
URLs containing percent-encoded slashes (/ or \) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it.
This flaw only affects the wcurl command line tool.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer.
This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
medium severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.
Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
There is no fixed version for Ubuntu:25.10 shadow.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
There is no fixed version for Ubuntu:25.10 patch.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
There is no fixed version for Ubuntu:25.10 patch.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
There is no fixed version for Ubuntu:25.10 openssh.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
There is no fixed version for Ubuntu:25.10 openssh.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
There is no fixed version for Ubuntu:25.10 libgcrypt20.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
There is no fixed version for Ubuntu:25.10 gnupg2.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
secure keyword for https://targethttp://target (same hostname, but using clear text HTTP) using the same cookie setpath=\"/\",). Since this site is not secure, the cookie should just be ignored.The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.
The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection.
A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Upgrade Ubuntu:25.10 curl to version 8.14.1-2ubuntu1.1 or higher.
low severity
Exploit: Not Defined
Note: _Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu._See How to fix? for Ubuntu:25.10 relevant fixed versions and status.
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
There is no fixed version for Ubuntu:25.10 coreutils.