Search CVE reports

151 – 160 of 194 results

Detailed view

Sort by:

CVE-2013-0340

Medium priority

Ignored

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

gdcm, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gdcm	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
tdom	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2013-0341

Medium priority

Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

40 affected packages

tdom, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tdom	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2012-6702

Medium priority

Some fixes available 5 of 107

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

ayttm, apache2, cmake, ghostscript, paraview...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
apache2	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libxmltok	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
matanza	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected

CVE-2012-1147

Low priority

Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

expat, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
expat	—	—	—	Not affected
apr-util	—	—	—	Ignored
audacity	—	—	—	Not affected
ayttm	—	—	—	Not in release
cableswig	—	—	—	Not in release
cadaver	—	—	—	Not affected
coin3	—	—	—	Not affected
gdcm	—	—	—	Not affected
insighttoolkit	—	—	—	Not in release
matanza	—	—	—	Not affected
paraview	—	—	—	Not affected
poco	—	—	—	Not affected
simgear	—	—	—	Not affected
sitecopy	—	—	—	Not affected
swish-e	—	—	—	Not affected
tdom	—	—	—	Not affected
texlive-bin	—	—	—	Ignored
tla	—	—	—	Not affected
vnc4	—	—	—	Ignored
vtk	—	—	—	Not in release
wbxml2	—	—	—	Not affected
wxwidgets2.8	—	—	—	Not in release
apache2	—	—	—	Ignored
celementtree	—	—	—	Not in release
cmake	—	—	—	Ignored
ghostscript	—	—	—	Ignored
grmonitor	—	—	—	Not in release
kompozer	—	—	—	Not in release
libparagui1.1	—	—	—	Not in release
python-xml	—	—	—	Not in release
python2.4	—	—	—	Not in release
python2.5	—	—	—	Not in release
python2.6	—	—	—	Not in release
smart	—	—	—	Ignored
w3c-libwww	—	—	—	Not in release
wxwidgets2.6	—	—	—	Not in release
wxwindows2.4	—	—	—	Not in release
xmlrpc-c	—	—	—	Ignored
xotcl	—	—	—	Not affected
xulrunner	—	—	—	Not in release

CVE-2012-1148

Low priority

Some fixes available 45 of 407

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

ayttm, poco, celementtree, python-xml, paraview...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
python-xml	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
audacity	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
matanza	Ignored	Ignored	Ignored	Ignored
libxmltok	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
grmonitor	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
python2.6	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed

CVE-2012-0876

Medium priority

Some fixes available 38 of 396

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

cmake, paraview, python-xml, libparagui1.1, poco...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cmake	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
w3c-libwww	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
ghostscript	Not affected	Not affected	Not affected	Not affected
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed
xulrunner	Not in release	Not in release	Not in release	Not in release

CVE-2012-2120

Negligible priority

Ignored

latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

1 affected package

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	—	—	—	—

CVE-2010-3704

Medium priority

Some fixes available 9 of 77

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to...

11 affected packages

gpdf, ipe, koffice, poppler, kdegraphics...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
koffice	Not in release	Not in release	Not in release	Not in release
poppler	Not affected	Not affected	Not affected	Not affected
kdegraphics	Not in release	Not in release	Not in release	Not in release
libextractor	Not affected	Not affected	Not affected	Not affected
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected

CVE-2010-3703

Medium priority

Some fixes available 4 of 74

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a...

11 affected packages

kdegraphics, gpdf, ipe, pdfkit.framework, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
kdegraphics	Not in release	Not in release	Not in release	Not in release
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
libextractor	Not affected	Not affected	Not affected	Not affected
koffice	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
poppler	Not affected	Not affected	Not affected	Not affected
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected

CVE-2010-3702

Medium priority

Some fixes available 9 of 77

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of...

11 affected packages

koffice, gpdf, ipe, poppler, tetex-bin...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
koffice	Not in release	Not in release	Not in release	Not in release
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poppler	Not affected	Not affected	Not affected	Not affected
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
kdegraphics	Not in release	Not in release	Not in release	Not in release
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
libextractor	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected

Export to JSON

Results by page: