Search CVE reports

741 – 750 of 1943 results

Detailed view

Sort by:

CVE-2018-20843

Low priority

Some fixes available 21 of 108

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release	Fixed
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2019-11708

High priority

Fixed

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	Fixed	Fixed
thunderbird	—	—	—	Fixed	Fixed

CVE-2019-11707

High priority

Some fixes available 28 of 37

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability...

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Not affected	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2019-11706

Low priority

Fixed

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.

1 affected packages

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
thunderbird	—	—	—	Fixed	Fixed

CVE-2019-11705

Medium priority

Fixed

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird...

1 affected packages

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
thunderbird	—	—	—	Fixed	Fixed

CVE-2019-11704

Medium priority

Fixed

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects...

1 affected packages

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
thunderbird	—	—	—	Fixed	Fixed

CVE-2019-11703

Medium priority

Fixed

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

1 affected packages

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
thunderbird	—	—	—	Fixed	Fixed

CVE-2019-12383

Medium priority

Not affected

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.

6 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs60, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	Not affected	Not affected
firefox-esr	—	—	—	Not in release	Not in release
mozjs38	—	—	—	Not affected	Not in release
mozjs52	—	—	—	Not affected	Not in release
mozjs60	—	—	—	Not in release	Not in release
thunderbird	—	—	—	Not affected	Not affected

CVE-2016-9969

Medium priority

Needs evaluation

In libwebp 0.5.1, there is a double free bug in libwebpmux.

9 affected packages

firefox, godot, libwebp, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
godot	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Not in release
libwebp	Not affected	Not affected	Not affected	Not affected	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
qtimageformats-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2019-9820

Medium priority

Some fixes available 28 of 38

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

5 affected packages

firefox, mozjs38, mozjs52, mozjs60, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page: