Search CVE reports
1 – 10 of 35275 results
CVE-2025-4919
Medium priorityAn attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 18.04 LTS |
|---|---|
| firefox | — |
| mozjs102 | — |
| mozjs115 | — |
| mozjs38 | Needs evaluation |
| mozjs52 | Ignored |
| mozjs68 | — |
| mozjs78 | — |
| mozjs91 | — |
| thunderbird | — |
CVE-2025-4918
Medium priorityAn attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
| Package | 18.04 LTS |
|---|---|
| firefox | — |
| mozjs102 | — |
| mozjs115 | — |
| mozjs38 | Needs evaluation |
| mozjs52 | Ignored |
| mozjs68 | — |
| mozjs78 | — |
| mozjs91 | — |
| thunderbird | — |
CVE-2025-48188
Medium prioritylibpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
1 affected package
pspp
| Package | 18.04 LTS |
|---|---|
| pspp | Needs evaluation |
CVE-2025-4802
Medium priorityUntrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen...
2 affected packages
eglibc, glibc
| Package | 18.04 LTS |
|---|---|
| eglibc | — |
| glibc | Needs evaluation |
CVE-2025-47273
Medium prioritysetuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 18.04 LTS |
|---|---|
| python-pip | Needs evaluation |
| python-setuptools | Needs evaluation |
| setuptools | — |
CVE-2025-4211
Medium priorityImproper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
| Package | 18.04 LTS |
|---|---|
| qt6-base | — |
| qtbase-opensource-src | Needs evaluation |
| qtbase-opensource-src-gles | — |
CVE-2025-40907
Medium priorityFCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based...
1 affected package
libfcgi-perl
| Package | 18.04 LTS |
|---|---|
| libfcgi-perl | Needs evaluation |
CVE-2025-37890
Medium priorityIn the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a...
132 affected packages
linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...
| Package | 18.04 LTS |
|---|---|
| linux | Needs evaluation |
| linux-allwinner-5.19 | — |
| linux-aws | Needs evaluation |
| linux-aws-5.0 | Ignored |
| linux-aws-5.11 | — |
| linux-aws-5.13 | — |
| linux-aws-5.15 | — |
| linux-aws-5.19 | — |
| linux-aws-5.3 | Ignored |
| linux-aws-5.4 | Needs evaluation |
| linux-aws-5.8 | — |
| linux-aws-6.2 | — |
| linux-aws-6.5 | — |
| linux-aws-6.8 | — |
| linux-aws-fips | Needs evaluation |
| linux-aws-hwe | — |
| linux-azure | Ignored |
| linux-azure-4.15 | Needs evaluation |
| linux-azure-5.11 | — |
| linux-azure-5.13 | — |
| linux-azure-5.15 | — |
| linux-azure-5.19 | — |
| linux-azure-5.3 | Ignored |
| linux-azure-5.4 | Needs evaluation |
| linux-azure-5.8 | — |
| linux-azure-6.11 | — |
| linux-azure-6.2 | — |
| linux-azure-6.5 | — |
| linux-azure-6.8 | — |
| linux-azure-edge | Ignored |
| linux-azure-fde | — |
| linux-azure-fde-5.15 | — |
| linux-azure-fde-5.19 | — |
| linux-azure-fde-6.2 | — |
| linux-azure-fips | Needs evaluation |
| linux-azure-nvidia | — |
| linux-bluefield | — |
| linux-fips | Needs evaluation |
| linux-gcp | Ignored |
| linux-gcp-4.15 | Needs evaluation |
| linux-gcp-5.11 | — |
| linux-gcp-5.13 | — |
| linux-gcp-5.15 | — |
| linux-gcp-5.19 | — |
| linux-gcp-5.3 | Ignored |
| linux-gcp-5.4 | Needs evaluation |
| linux-gcp-5.8 | — |
| linux-gcp-6.11 | — |
| linux-gcp-6.2 | — |
| linux-gcp-6.5 | — |
| linux-gcp-6.8 | — |
| linux-gcp-fips | Needs evaluation |
| linux-gke | — |
| linux-gke-4.15 | Ignored |
| linux-gke-5.15 | — |
| linux-gke-5.4 | Ignored |
| linux-gkeop | — |
| linux-gkeop-5.15 | — |
| linux-gkeop-5.4 | Ignored |
| linux-hwe | Ignored |
| linux-hwe-5.11 | — |
| linux-hwe-5.13 | — |
| linux-hwe-5.15 | — |
| linux-hwe-5.19 | — |
| linux-hwe-5.4 | Needs evaluation |
| linux-hwe-5.8 | — |
| linux-hwe-6.11 | — |
| linux-hwe-6.2 | — |
| linux-hwe-6.5 | — |
| linux-hwe-6.8 | — |
| linux-hwe-edge | Ignored |
| linux-ibm | — |
| linux-ibm-5.15 | — |
| linux-ibm-5.4 | Needs evaluation |
| linux-intel-5.13 | — |
| linux-intel-iot-realtime | — |
| linux-intel-iotg | — |
| linux-intel-iotg-5.15 | — |
| linux-iot | — |
| linux-kvm | Needs evaluation |
| linux-lowlatency | — |
| linux-lowlatency-hwe-5.15 | — |
| linux-lowlatency-hwe-5.19 | — |
| linux-lowlatency-hwe-6.11 | — |
| linux-lowlatency-hwe-6.2 | — |
| linux-lowlatency-hwe-6.5 | — |
| linux-lowlatency-hwe-6.8 | — |
| linux-lts-xenial | — |
| linux-nvidia | — |
| linux-nvidia-6.2 | — |
| linux-nvidia-6.5 | — |
| linux-nvidia-6.8 | — |
| linux-nvidia-lowlatency | — |
| linux-nvidia-tegra | — |
| linux-nvidia-tegra-igx | — |
| linux-oem | Ignored |
| linux-oem-5.10 | — |
| linux-oem-5.13 | — |
| linux-oem-5.14 | — |
| linux-oem-5.17 | — |
| linux-oem-5.6 | — |
| linux-oem-6.0 | — |
| linux-oem-6.1 | — |
| linux-oem-6.11 | — |
| linux-oem-6.5 | — |
| linux-oem-6.8 | — |
| linux-oracle | Needs evaluation |
| linux-oracle-5.0 | Ignored |
| linux-oracle-5.11 | — |
| linux-oracle-5.13 | — |
| linux-oracle-5.15 | — |
| linux-oracle-5.3 | Ignored |
| linux-oracle-5.4 | Needs evaluation |
| linux-oracle-5.8 | — |
| linux-oracle-6.5 | — |
| linux-oracle-6.8 | — |
| linux-raspi | — |
| linux-raspi-5.4 | Needs evaluation |
| linux-raspi-realtime | — |
| linux-raspi2 | — |
| linux-realtime | — |
| linux-riscv | — |
| linux-riscv-5.11 | — |
| linux-riscv-5.15 | — |
| linux-riscv-5.19 | — |
| linux-riscv-5.8 | — |
| linux-riscv-6.5 | — |
| linux-riscv-6.8 | — |
| linux-starfive-5.19 | — |
| linux-starfive-6.2 | — |
| linux-starfive-6.5 | — |
| linux-xilinx-zynqmp | — |
CVE-2025-31257
Medium priority(This issue was addressed with improved memory handling. This issue is ...)
5 affected packages
qtwebkit-opensource-src, qtwebkit-source, webkit2gtk, webkitgtk, wpewebkit
| Package | 18.04 LTS |
|---|---|
| qtwebkit-opensource-src | Ignored |
| qtwebkit-source | Ignored |
| webkit2gtk | Ignored |
| webkitgtk | Ignored |
| wpewebkit | — |
CVE-2025-31215
Medium priority(The issue was addressed with improved checks. This issue is fixed in w ...)
5 affected packages
qtwebkit-opensource-src, qtwebkit-source, webkit2gtk, webkitgtk, wpewebkit
| Package | 18.04 LTS |
|---|---|
| qtwebkit-opensource-src | Ignored |
| qtwebkit-source | Ignored |
| webkit2gtk | Ignored |
| webkitgtk | Ignored |
| wpewebkit | — |