Search CVE reports
821 – 830 of 2389 results
Some fixes available 13 of 80
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
24 affected packages
xmlrpc-c, cableswig, apache2, apr-util, cmake...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| cableswig | — | — | Not in release | Not in release | Not in release |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | — | — | Not in release | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ayttm | — | — | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| firefox | Not affected | Not affected | Not affected | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | — | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | — | — | Not in release | Not in release | Not affected |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| vtk | — | — | Not in release | Not in release | Not in release |
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.
8 affected packages
firefox, mozjs78, node-js-beautify, thunderbird, mozjs38...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not in release | Ignored |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | Not in release |
| node-js-beautify | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| mozjs38 | — | — | Not in release | Not in release | Ignored |
| mozjs52 | — | — | Not in release | Ignored | Ignored |
| mozjs68 | — | — | Not in release | Ignored | Not in release |
| mozjs91 | — | — | Ignored | Not in release | Not in release |
Some fixes available 4 of 10
Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Not in release | Needs evaluation | Needs evaluation | Ignored | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 10
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person,...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Not in release | Needs evaluation | Needs evaluation | Ignored | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 10
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Not in release | Needs evaluation | Needs evaluation | Ignored | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 10
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Not in release | Needs evaluation | Needs evaluation | Ignored | Not in release |
| thunderbird | Not affected | Not affected | Fixed | Fixed | Fixed |
Some fixes available 5 of 13
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence...
7 affected packages
mozjs52, mozjs68, mozjs78, mozjs91, thunderbird...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | — | Not in release | Ignored | Ignored |
| mozjs68 | — | — | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
| mozjs91 | — | — | Ignored | Not in release | Not in release |
| thunderbird | — | Not affected | Fixed | Fixed | Fixed |
| firefox | — | Not affected | Not affected | Fixed | Fixed |
| mozjs38 | — | — | Not in release | Not in release | Ignored |
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Fixed | Fixed |
| thunderbird | — | — | Fixed | Fixed | Fixed |
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird...
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Fixed | Fixed |
| thunderbird | — | — | Fixed | Fixed | Fixed |
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This...
2 affected packages
firefox, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Not affected | Fixed | Fixed |
| thunderbird | — | — | Fixed | Fixed | Fixed |