Search CVE reports
711 – 720 of 1943 results
CVE-2019-11760
Medium prioritySome fixes available 25 of 34
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11759
Medium prioritySome fixes available 25 of 34
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11757
Medium prioritySome fixes available 25 of 34
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11755
Medium prioritySome fixes available 3 of 4
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message,...
1 affected packages
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
thunderbird | — | — | — | Fixed | Fixed |
CVE-2019-11739
Medium priorityEncrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.
1 affected packages
thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
thunderbird | — | — | — | Fixed | Fixed |
CVE-2019-16707
Low priorityHunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
10 affected packages
calibre, chromium, enchant, firefox, focuswriter...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
calibre | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
enchant | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
focuswriter | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
hunspell | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
postbooks | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-15903
Medium prioritySome fixes available 48 of 168
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release | Fixed |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-11752
Medium prioritySome fixes available 26 of 34
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird <...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11746
Medium prioritySome fixes available 26 of 34
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1,...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11744
Medium prioritySome fixes available 26 of 34
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and...
5 affected packages
firefox, mozjs38, mozjs52, mozjs60, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |