Search CVE reports
11 – 20 of 2489 results
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(Sandbox escape due to incorrect boundary conditions in the Networking ...)
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
(Sandbox escape in the Security: Process Sandboxing component. This vul ...)
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
(Sandbox escape in the DOM: Navigation component. This vulnerability wa ...)
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
(Sandbox escape in the DOM: Workers component. This vulnerability was f ...)
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
(Incorrect boundary conditions in the Web Audio component. This vulnera ...)
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
(Use-after-free in the Networking: HTTP component. This vulnerability w ...)
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Vulnerable | — | — |
| mozjs38 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mozjs52 | Not in release | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Not in release | Ignored | — |
| mozjs78 | Not in release | Not in release | Ignored | — | — |
| mozjs91 | Not in release | Not in release | Ignored | — | — |
| mozjs102 | Not in release | Ignored | Ignored | — | — |
| mozjs115 | Not in release | Ignored | Not in release | — | — |
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.
1 affected package
thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| thunderbird | Needs evaluation | Needs evaluation | Needs evaluation | — | — |