Search CVE reports

121 – 130 of 1943 results

Detailed view

Sort by:

CVE-2024-1551

Medium priority

Some fixes available 4 of 13

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-1550

Medium priority

Some fixes available 4 of 13

A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-1549

Medium priority

Some fixes available 4 of 13

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123,...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-1548

Medium priority

Some fixes available 4 of 13

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR <...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-1547

Medium priority

Some fixes available 4 of 13

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8,...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-1546

Medium priority

Some fixes available 4 of 13

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2023-52426

Medium priority

Some fixes available 1 of 43

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
expat	Fixed	Not affected	Not affected	Not affected	Not affected
firefox	Not affected	Not affected	Not affected	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored
vnc4	Not in release	Not in release	Not in release	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Needs evaluation	Not affected	Not affected	Not affected	Not affected

CVE-2023-52425

Medium priority

Some fixes available 3 of 69

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Ignored	Ignored	Ignored
firefox	Not affected	Not affected	Not affected	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Ignored	Ignored	Ignored	Ignored	Ignored
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored
vnc4	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2024-0755

Medium priority

Some fixes available 4 of 17

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Fixed	Fixed	Ignored	Ignored

CVE-2024-0754

Low priority

Some fixes available 1 of 14

Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.

8 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Not affected	Not affected	Fixed	Ignored	Ignored
mozjs102	Ignored	Ignored	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release	Not in release
mozjs91	Not in release	Ignored	Not in release	Not in release	Not in release
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored

Export to JSON

Results by page: