Search CVE reports
1 – 10 of 12 results
libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength...
1 affected package
libusb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libusb | Not affected | Not affected | Not affected | Not affected | Not affected |
libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than...
1 affected package
libusb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libusb | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 13 of 20
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
8 affected packages
firefox, mozjs78, libusrsctp, mozjs38, mozjs52...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Fixed | Fixed |
| mozjs78 | Not in release | Not in release | Ignored | Not in release | Not in release |
| libusrsctp | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| mozjs38 | — | — | Not in release | Not in release | Ignored |
| mozjs52 | — | — | Not in release | Ignored | Ignored |
| mozjs68 | — | — | Not in release | Ignored | Not in release |
| mozjs91 | — | — | Ignored | Not in release | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 34 of 47
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
4 affected packages
chromium-browser, firefox, libusrsctp, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| libusrsctp | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Not in release |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
libuser has information disclosure when moving user's home directory
1 affected package
libuser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libuser | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
1 affected package
libuser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libuser | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
Some fixes available 3 of 4
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may...
1 affected package
ibus
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ibus | — | — | — | — | Fixed |
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
2 affected packages
libimobiledevice, libusbmuxd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libimobiledevice | — | — | — | — | — |
| libusbmuxd | — | — | — | — | — |
Some fixes available 1 of 7
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing...
1 affected package
libuser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libuser | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 7
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd...
1 affected package
libuser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libuser | Needs evaluation | Not affected | Not affected | Not affected | Not affected |