Search CVE reports

111 – 120 of 1943 results

Detailed view

Sort by:

CVE-2024-2606

Medium priority

Some fixes available 1 of 11

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
mozjs102	Ignored	Ignored	Not in release	—	—
mozjs38	Not in release	Not in release	Not in release	Ignored	—
mozjs52	Not in release	Not in release	Ignored	Ignored	—
mozjs68	Not in release	Not in release	Ignored	—	—
mozjs78	Not in release	Ignored	Not in release	—	—
mozjs91	Not in release	Ignored	Not in release	—	—
thunderbird	Not affected	Not affected	Not affected	—	—

CVE-2024-28757

Medium priority

Some fixes available 2 of 67

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	—	Needs evaluation
cableswig	Not in release	Not in release	Not in release	—	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
expat	Not affected	Fixed	Ignored	Ignored	Ignored
firefox	Not affected	Not affected	Not affected	—	—
gdcm	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Ignored	Ignored	Ignored	Ignored	Ignored
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	—	—
vnc4	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2024-1936

Medium priority

Fixed

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user...

1 affected packages

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
thunderbird	Not affected	Fixed	Fixed	—	—

CVE-2024-1557

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2024-1556

Medium priority

Some fixes available 1 of 11

The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2024-1555

Medium priority

Some fixes available 1 of 11

When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2024-1554

Medium priority

Some fixes available 1 of 11

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

CVE-2024-1553

Medium priority

Some fixes available 4 of 13

Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-1552

Medium priority

Some fixes available 4 of 13

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8,...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

Export to JSON

Results by page: