Search CVE reports
301 – 310 of 37324 results
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4....
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 22.04 LTS |
|---|---|
| webkitgtk | Not in release |
| webkit2gtk | Vulnerable |
| qtwebkit-source | Not in release |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Ignored |
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 22.04 LTS |
|---|---|
| webkitgtk | Not in release |
| webkit2gtk | Vulnerable |
| qtwebkit-source | Not in release |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Ignored |
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This...
1 affected package
isc-kea
| Package | 22.04 LTS |
|---|---|
| isc-kea | Needs evaluation |
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 22.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | Needs evaluation |
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 22.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | Needs evaluation |
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 22.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | Needs evaluation |
Some fixes available 1 of 2
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 22.04 LTS |
|---|---|
| bind9 | Fixed |
| isc-dhcp | Not affected |
| bind9-libs | Needs evaluation |
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Not in release
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via...
1 affected package
nats-server
| Package | 22.04 LTS |
|---|---|
| nats-server | Not in release |