CVE search results

1541 – 1550 of 3038 results

Detailed view

Sort by:

CVE-2017-7753

Medium priority

Some fixes available 14 of 16

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

3 affected packages

firefox, mozjs38, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	Fixed
mozjs38	—	—	—	Not affected
thunderbird	—	—	—	Fixed

CVE-2017-7789

Medium priority

Some fixes available 3 of 4

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects...

2 affected packages

firefox, mozjs38

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
mozjs38	—	—	—	—

CVE-2017-9233

Medium priority

Some fixes available 7 of 102

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
firefox	Not affected	Not affected	Not in release	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not in release	Not affected
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Not affected	Not affected	Not affected	Not affected

CVE-2017-7778

Medium priority

Some fixes available 11 of 12

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This...

3 affected packages

firefox, graphite2, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
graphite2	—	—	—	—
thunderbird	—	—	—	—

CVE-2017-7777

Medium priority

Some fixes available 11 of 12

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

3 affected packages

firefox, graphite2, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
graphite2	—	—	—	—
thunderbird	—	—	—	—

CVE-2017-7776

Medium priority

Some fixes available 11 of 12

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

3 affected packages

firefox, graphite2, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
graphite2	—	—	—	—
thunderbird	—	—	—	—

CVE-2017-7775

Medium priority

Some fixes available 11 of 12

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

3 affected packages

thunderbird, firefox, graphite2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	—	—	—	—
firefox	—	—	—	—
graphite2	—	—	—	—

CVE-2017-7774

Medium priority

Some fixes available 11 of 12

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

3 affected packages

firefox, graphite2, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
graphite2	—	—	—	—
thunderbird	—	—	—	—

CVE-2017-7773

Medium priority

Some fixes available 11 of 12

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

3 affected packages

firefox, graphite2, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
graphite2	—	—	—	—
thunderbird	—	—	—	—

CVE-2017-7772

Medium priority

Some fixes available 11 of 12

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

3 affected packages

graphite2, firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
graphite2	—	—	—	—
firefox	—	—	—	—
thunderbird	—	—	—	—

Export to JSON

Results by page:

Search CVE reports