Search CVE reports
41 – 50 of 2680 results
CVE-2024-45492
Medium prioritySome fixes available 6 of 61
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45491
Medium prioritySome fixes available 12 of 67
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45490
Medium prioritySome fixes available 12 of 67
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-43113
Negligible priorityThe contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-43112
Negligible priorityLong pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-43111
Negligible priorityLong pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Not affected | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Not affected | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-7531
Medium prioritySome fixes available 1 of 11
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-7530
Medium prioritySome fixes available 1 of 11
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |
CVE-2024-7529
Medium prioritySome fixes available 3 of 13
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1,...
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Fixed | Fixed | — | — |
CVE-2024-7528
Medium prioritySome fixes available 1 of 11
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | — | — |
mozjs102 | Ignored | Ignored | Not in release | — | — |
mozjs115 | Ignored | Not in release | Not in release | — | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation | — |
mozjs52 | Not in release | Not in release | Ignored | Ignored | — |
mozjs68 | Not in release | Not in release | Ignored | — | — |
mozjs78 | Not in release | Ignored | Not in release | — | — |
mozjs91 | Not in release | Ignored | Not in release | — | — |
thunderbird | Not affected | Not affected | Not affected | — | — |