Search CVE reports
391 – 400 of 1943 results
CVE-2022-40674
Medium prioritySome fixes available 11 of 103
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | — | Not in release | Not in release | Not in release | Needs evaluation |
| cableswig | — | Not in release | Not in release | Not in release | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| gdcm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | Not in release | Not in release | Not in release | Needs evaluation |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
| libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not affected |
| matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
| vnc4 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| vtk | — | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-36059
Medium prioritySome fixes available 3 of 10
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning...
2 affected packages
node-matrix-js-sdk, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-matrix-js-sdk | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-3034
Medium prioritySome fixes available 3 of 4
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects...
1 affected packages
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-3033
Medium prioritySome fixes available 3 of 4
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then...
1 affected packages
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-3032
Medium prioritySome fixes available 3 of 4
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or...
1 affected packages
thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2022-38476
Medium prioritySome fixes available 3 of 4
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability...
2 affected packages
firefox-esr, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox-esr | — | Not in release | Not in release | Not in release | Not in release |
| thunderbird | — | Fixed | Fixed | Fixed | Ignored |
CVE-2021-4214
Medium priorityA heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a...
5 affected packages
chromium-browser, firefox, libpng, libpng1.6, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | Not affected | Not affected | Not affected | Not affected |
| firefox | — | Not affected | Not affected | Not affected | Not affected |
| libpng | — | Not in release | Not in release | Not in release | Not affected |
| libpng1.6 | — | Not affected | Not affected | Not affected | Not affected |
| thunderbird | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-38478
Medium prioritySome fixes available 5 of 14
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-38477
Medium prioritySome fixes available 5 of 14
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2022-38475
Medium prioritySome fixes available 4 of 13
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Not affected | Fixed | Fixed | Ignored | Ignored |