Search CVE reports

Toggle filters

311 – 320 of 2282 results

CVE-2024-10465

Medium priority

Some fixes available 2 of 13

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10464

Medium priority

Some fixes available 2 of 13

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10463

Medium priority

Some fixes available 3 of 14

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10462

Medium priority

Some fixes available 2 of 13

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10461

Medium priority

Some fixes available 2 of 13

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10460

Medium priority

Some fixes available 2 of 13

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10459

Medium priority

Some fixes available 3 of 14

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-10458

Medium priority

Some fixes available 3 of 14

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Fixed
thunderbird Not affected Fixed Fixed
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2024-50602

Medium priority

Some fixes available 7 of 74

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

smart, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smart Not in release Not in release Not in release Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
libxmltok Not affected Not affected Not affected Not affected
Show all 23 packages Show less packages

CVE-2024-50383

Medium priority

Some fixes available 3 of 11

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set....

3 affected packages

botan, oscar, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
botan Fixed Fixed Vulnerable Ignored
oscar Needs evaluation Needs evaluation Needs evaluation
thunderbird Not affected Not affected Not in release
Show less packages
  1. Previous page
  2. 30
  3. 31
  4. 32
  5. 33
  6. 34
  7. Next page
Export to JSON