Search CVE reports
1 – 10 of 10 results
Some fixes available 11 of 20
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
8 affected packages
firefox, mozjs78, libusrsctp, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| libusrsctp | Not affected | Not affected | Vulnerable | Not in release |
| mozjs38 | — | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Ignored | Ignored |
| mozjs68 | — | Not in release | Ignored | Not in release |
| mozjs91 | — | Ignored | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 30 of 42
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
4 affected packages
chromium-browser, firefox, libusrsctp, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not in release | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed |
| libusrsctp | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may...
1 affected package
ibus
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ibus | — | — | — | Fixed |
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
2 affected packages
libimobiledevice, libusbmuxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libimobiledevice | — | — | — | — |
| libusbmuxd | — | — | — | — |
Some fixes available 1 of 6
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing...
1 affected package
libuser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libuser | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 6
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd...
1 affected package
libuser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libuser | Not affected | Not affected | Not affected | Not affected |
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically...
1 affected package
ibus
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ibus | — | — | — | — |
libuser has information disclosure when moving user's home directory
1 affected package
libuser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libuser | Not affected | Not affected | Not affected | Not affected |
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
1 affected package
libuser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libuser | Not affected | Not affected | Not affected | Not affected |
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
1 affected package
libuser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libuser | — | — | — | — |