Search CVE reports
891 – 900 of 2385 results
Some fixes available 16 of 24
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
7 affected packages
firefox, mozjs38, mozjs52, thunderbird, firefox-esr...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | — | — | — | — | — |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
Some fixes available 16 of 24
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, thunderbird...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Not in release | Ignored | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
| firefox-esr | — | — | — | — | — |
| mozjs78 | — | Not in release | Ignored | Not in release | Not in release |
Some fixes available 11 of 13
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by...
3 affected packages
firefox, thunderbird, rust-regex
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | Fixed | Fixed | Fixed |
| thunderbird | — | — | Not affected | Fixed | Fixed |
| rust-regex | — | — | Fixed | Fixed | — |
Some fixes available 23 of 97
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
24 affected packages
cadaver, apache2, apr-util, ayttm, cableswig...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 21 of 95
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
24 affected packages
thunderbird, ayttm, cableswig, cadaver, apache2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| firefox | Fixed | Fixed | Fixed | Not in release | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 23 of 97
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
24 affected packages
ayttm, apache2, apr-util, cmake, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| firefox | Fixed | Fixed | Fixed | Not in release | Ignored |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | — | Fixed | Fixed | Fixed |
Some fixes available 11 of 41
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...
11 affected packages
rust-crossbeam-utils, rust-crossbeam-utils-0.7, firefox, mozjs38, librsvg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-crossbeam-utils | Not affected | Not affected | Vulnerable | Vulnerable | Not in release |
| rust-crossbeam-utils-0.7 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| firefox | Fixed | Fixed | Fixed | Not in release | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Not in release | Ignored |
| librsvg | Not affected | Not affected | Not affected | Not affected | Not affected |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | Not in release |
| rustc | Not in release | Not affected | Fixed | Fixed | Not affected |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| cargo | Not in release | Not in release | Not affected | Not affected | Not affected |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | Not in release |
Some fixes available 30 of 112
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
24 affected packages
apache2, apr-util, cmake, expat, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| firefox | Fixed | Fixed | Fixed | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 30 of 112
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
24 affected packages
firefox, smart, vtk, thunderbird, apache2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Not in release | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |