Search CVE reports
231 – 240 of 35526 results
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
[qemu: Heap off-by-one in KVM Xen PHYSDEVOP_map_pirq]
1 affected package
qemu
| Package | 22.04 LTS |
|---|---|
| qemu | Not affected |
Some fixes available 1 of 2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Fixed |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
Some fixes available 1 of 2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Fixed |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
Not in release
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer...
1 affected package
golang-github-sigstore-fulcio
| Package | 22.04 LTS |
|---|---|
| golang-github-sigstore-fulcio | Not in release |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies...
1 affected package
cpp-httplib
| Package | 22.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause...
1 affected package
wlc
| Package | 22.04 LTS |
|---|---|
| wlc | Needs evaluation |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
1 affected package
wlc
| Package | 22.04 LTS |
|---|---|
| wlc | Needs evaluation |