Search CVE reports
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability...
1 affected package
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
thunderbird | Not affected | Fixed | Not in release | — |
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
9 affected packages
mozjs52, firefox, thunderbird, mozjs38, mozjs68...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mozjs52 | Not in release | Not in release | Needs evaluation | Ignored |
firefox | Not affected | Not affected | Not in release | — |
thunderbird | Not affected | Not affected | Not in release | — |
mozjs38 | Not in release | Not in release | Not in release | Needs evaluation |
mozjs68 | Not in release | Not in release | Ignored | — |
mozjs78 | Not in release | Ignored | Not in release | — |
mozjs91 | Not in release | Ignored | Not in release | — |
mozjs102 | Ignored | Ignored | Not in release | — |
mozjs115 | Ignored | Not in release | Not in release | — |
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker...
1 affected package
krb5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
krb5 | Fixed | Fixed | Fixed | Fixed |
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message...
4 affected packages
kalkun, civicrm, phpmyadmin, znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kalkun | Not in release | Not in release | Not in release | — |
civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
znuny | Needs evaluation | Not in release | Not in release | — |
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
2 affected packages
libsoup3, libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libsoup3 | Fixed | Fixed | Not in release | — |
libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original,...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
sqlite | Not in release | Not affected | Not affected | Not affected |
sqlite3 | Fixed | Not affected | Not affected | Not affected |
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
2 affected packages
libsoup2.4, libsoup3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
libsoup3 | Fixed | Fixed | Not in release | — |
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.
2 affected packages
libsoup3, libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libsoup3 | Fixed | Fixed | Not in release | — |
libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
2 affected packages
libsoup3, libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libsoup3 | Fixed | Fixed | Not in release | — |
libsoup2.4 | Fixed | Fixed | Fixed | Fixed |
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
2 affected packages
libsoup3, libsoup2.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libsoup3 | Fixed | Fixed | Not in release | — |
libsoup2.4 | Fixed | Fixed | Fixed | Fixed |