Search CVE reports
41 – 50 of 38290 results
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 20.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | — |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 20.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | — |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in...
1 affected package
erlang
| Package | 20.04 LTS |
|---|---|
| erlang | Needs evaluation |
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside...
1 affected package
erlang
| Package | 20.04 LTS |
|---|---|
| erlang | Needs evaluation |
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the...
1 affected package
tinyproxy
| Package | 20.04 LTS |
|---|---|
| tinyproxy | Needs evaluation |
[Address a potential TOCTOU race condition in cap_set_file()]
1 affected package
libcap2
| Package | 20.04 LTS |
|---|---|
| libcap2 | Needs evaluation |
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web...
1 affected package
activemq
| Package | 20.04 LTS |
|---|---|
| activemq | Needs evaluation |
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances (when creating a Stomp consumer and also browsing messages in the...
1 affected package
activemq
| Package | 20.04 LTS |
|---|---|
| activemq | Needs evaluation |
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |