Search CVE reports

Toggle filters

81 – 90 of 257 results

CVE-2022-23852

Medium priority

Some fixes available 23 of 106

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

24 affected packages

apache2, expat, apr-util, cadaver, coin3...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed Fixed
apr-util Not affected Not affected Not affected Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Vulnerable
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
thunderbird Ignored Ignored Ignored Not in release Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Vulnerable
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-22827

Medium priority

Some fixes available 34 of 113

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

expat, apache2, apr-util, ayttm, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Fixed Fixed Fixed Fixed
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
thunderbird Not affected Not affected Fixed Fixed Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-22826

Medium priority

Some fixes available 34 of 113

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

cmake, expat, vtk, apache2, apr-util...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed Fixed
vtk Not in release Not in release Not in release Not in release Not in release
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
coin3 Not affected Not affected Not affected Not affected Ignored
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Fixed Fixed Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-22825

Medium priority

Some fixes available 34 of 113

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

apache2, apr-util, ayttm, cadaver, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Fixed Fixed Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vtk Not in release Not in release Not in release Not in release Not in release
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-22824

Medium priority

Some fixes available 34 of 113

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

expat, apache2, apr-util, ayttm, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Fixed Fixed Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-22823

Medium priority

Some fixes available 34 of 113

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

apr-util, ayttm, cadaver, apache2, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Fixed Fixed Fixed Fixed
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Ignored
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Fixed Fixed Ignored
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-22822

Medium priority

Some fixes available 34 of 113

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

cadaver, insighttoolkit4, matanza, swish-e, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Fixed Fixed Fixed Fixed
smart Not in release Not in release Not in release Not in release Not affected
thunderbird Not affected Not affected Fixed Fixed Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2021-46143

Medium priority

Some fixes available 39 of 288

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apr-util, audacity, ayttm, cableswig, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apr-util Not affected Not affected Not affected Not affected Not affected
audacity Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cmake Not affected Not affected Not affected Not affected Not affected
coda Needs evaluation Needs evaluation Needs evaluation Ignored
coin3 Not affected Not affected Not affected Not affected Ignored
emboss Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Fixed Fixed Fixed Fixed
harp Needs evaluation Needs evaluation Needs evaluation Ignored
ibm-3270 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit5 Needs evaluation Needs evaluation Needs evaluation
libsynthesis Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
mame Fixed Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Ignored
opencollada Not in release Needs evaluation Needs evaluation Ignored Ignored
paraview Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
poco Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
python2.7 Not in release Not in release Not affected Not affected Not affected
python3.10 Not in release Not in release Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not in release Not affected
python3.8 Not in release Not in release Not in release Not affected Not affected
python3.9 Not in release Not in release Not in release Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release Ignored
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
sitecopy Needs evaluation Not in release Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
tla Not in release Needs evaluation Needs evaluation Ignored Ignored
visp Needs evaluation Needs evaluation Needs evaluation Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xsd Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
astropy Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 50 packages Show less packages

CVE-2021-45960

Low priority

Some fixes available 26 of 100

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

24 affected packages

vnc4, apache2, apr-util, ayttm, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
vnc4 Not in release Not in release Not in release Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Not affected Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2021-45949

Medium priority
Fixed

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

1 affected package

ghostscript

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript Not affected Fixed Fixed
Show less packages
  1. Previous page
  2. 7
  3. 8
  4. 9
  5. 10
  6. 11
  7. Next page
Export to JSON