Search CVE reports
461 – 470 of 35759 results
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
[qemu: Heap off-by-one in KVM Xen PHYSDEVOP_map_pirq]
1 affected package
qemu
| Package | 22.04 LTS |
|---|---|
| qemu | Not affected |
Some fixes available 1 of 2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Fixed |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
Some fixes available 1 of 2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Fixed |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
Not in release
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer...
1 affected package
golang-github-sigstore-fulcio
| Package | 22.04 LTS |
|---|---|
| golang-github-sigstore-fulcio | Not in release |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies...
1 affected package
cpp-httplib
| Package | 22.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause...
1 affected package
wlc
| Package | 22.04 LTS |
|---|---|
| wlc | Fixed |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
1 affected package
wlc
| Package | 22.04 LTS |
|---|---|
| wlc | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2...
1 affected package
avahi
| Package | 22.04 LTS |
|---|---|
| avahi | Fixed |