Search CVE reports
1 – 10 of 29318 results
CVE-2025-4919
Medium priority
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Vulnerable |
CVE-2025-4918
Medium priority
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
9 affected packages
firefox, mozjs102, mozjs115, mozjs38, mozjs52...
Package | 22.04 LTS |
---|---|
firefox | Not affected |
mozjs102 | Ignored |
mozjs115 | Not in release |
mozjs38 | Not in release |
mozjs52 | Not in release |
mozjs68 | Not in release |
mozjs78 | Ignored |
mozjs91 | Ignored |
thunderbird | Vulnerable |
CVE-2025-48188
Medium priority
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.
1 affected package
pspp
Package | 22.04 LTS |
---|---|
pspp | Needs evaluation |
CVE-2025-4802
Medium priority
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen...
2 affected packages
eglibc, glibc
Package | 22.04 LTS |
---|---|
eglibc | Not in release |
glibc | Needs evaluation |
CVE-2025-47792
Medium priority
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API....
1 affected package
nextcloud-desktop
Package | 22.04 LTS |
---|---|
nextcloud-desktop | Needs evaluation |
CVE-2025-47273
Medium priority
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be...
3 affected packages
python-pip, python-setuptools, setuptools
Package | 22.04 LTS |
---|---|
python-pip | Needs evaluation |
python-setuptools | Needs evaluation |
setuptools | Needs evaluation |
CVE-2025-4476
Medium priority
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted...
1 affected package
libsoup3
Package | 22.04 LTS |
---|---|
libsoup3 | Needs evaluation |
CVE-2025-4211
Medium priority
Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 22.04 LTS |
---|---|
qt6-base | Needs evaluation |
qtbase-opensource-src | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation |
CVE-2025-40907
Medium priority
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based...
1 affected package
libfcgi-perl
Package | 22.04 LTS |
---|---|
libfcgi-perl | Not affected |
CVE-2025-40906
Medium priority
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and...
1 affected package
libbson-xs-perl
Package | 22.04 LTS |
---|---|
libbson-xs-perl | Needs evaluation |