Search CVE reports
661 – 670 of 41446 results
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 18.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | Needs evaluation |
| mozjs52 | Ignored |
| mozjs68 | — |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 18.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | Needs evaluation |
| mozjs52 | Ignored |
| mozjs68 | — |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
[qemu: Heap off-by-one in KVM Xen PHYSDEVOP_map_pirq]
1 affected package
qemu
| Package | 18.04 LTS |
|---|---|
| qemu | Not affected |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API...
5 affected packages
libpng, libpng1.6, firefox, chromium-browser, thunderbird
| Package | 18.04 LTS |
|---|---|
| libpng | — |
| libpng1.6 | Vulnerable |
| firefox | — |
| chromium-browser | — |
| thunderbird | — |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API...
5 affected packages
libpng, libpng1.6, firefox, chromium-browser, thunderbird
| Package | 18.04 LTS |
|---|---|
| libpng | — |
| libpng1.6 | Vulnerable |
| firefox | — |
| chromium-browser | — |
| thunderbird | — |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause...
1 affected package
wlc
| Package | 18.04 LTS |
|---|---|
| wlc | Fixed |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
1 affected package
wlc
| Package | 18.04 LTS |
|---|---|
| wlc | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2...
1 affected package
avahi
| Package | 18.04 LTS |
|---|---|
| avahi | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource...
1 affected package
avahi
| Package | 18.04 LTS |
|---|---|
| avahi | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record...
1 affected package
avahi
| Package | 18.04 LTS |
|---|---|
| avahi | Fixed |