Search CVE reports

31 – 40 of 53 results

Detailed view

Sort by:

CVE-2022-22822

Medium priority

Some fixes available 32 of 135

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

cadaver, insighttoolkit4, matanza, swish-e, tdom...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
libxmltok	Fixed	Fixed	Fixed	Fixed
smart	Not in release	Not in release	Not in release	Not affected
thunderbird	Not affected	Fixed	Fixed	Ignored
texlive-bin	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release

CVE-2021-46143

Medium priority

Some fixes available 36 of 266

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apr-util, audacity, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apr-util	Not affected	Not affected	Not affected	Not affected
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Ignored	Ignored
cmake	Not affected	Not affected	Not affected	Not affected
coda	Needs evaluation	Needs evaluation	Ignored	—
coin3	Not affected	Not affected	Not affected	Ignored
emboss	Needs evaluation	Needs evaluation	Ignored	Ignored
expat	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
libxmltok	Fixed	Fixed	Fixed	Fixed
harp	Needs evaluation	Needs evaluation	Ignored	—
ibm-3270	Needs evaluation	Needs evaluation	Ignored	Ignored
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit5	Needs evaluation	Needs evaluation	—	—
libsynthesis	Needs evaluation	Needs evaluation	Ignored	Ignored
mame	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored
opencollada	Needs evaluation	Needs evaluation	Ignored	Ignored
paraview	Needs evaluation	Needs evaluation	Ignored	Ignored
poco	Needs evaluation	Needs evaluation	Ignored	Ignored
python2.7	Not in release	Not affected	Not affected	Not affected
python3.10	Not in release	Not affected	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not affected
python3.7	Not in release	Not in release	Not in release	Not affected
python3.8	Not in release	Not in release	Not affected	Not affected
python3.9	Not in release	Not in release	Not affected	Not in release
thunderbird	Not affected	Not affected	Not in release	Ignored
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Ignored	Ignored
sitecopy	Not in release	Needs evaluation	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Ignored	Ignored
tdom	Needs evaluation	Needs evaluation	Ignored	Ignored
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Needs evaluation	Needs evaluation	Ignored	Ignored
visp	Needs evaluation	Needs evaluation	—	Ignored
vnc4	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Ignored	Ignored
xmlrpc	—	—	—	—
xmlrpc-c	Needs evaluation	Needs evaluation	Ignored	Ignored
xsd	Needs evaluation	Needs evaluation	Ignored	Ignored
apache2	Not affected	Not affected	Not affected	Not affected
astropy	Needs evaluation	Needs evaluation	Ignored	Ignored

CVE-2021-45960

Low priority

Some fixes available 24 of 122

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

24 affected packages

vnc4, apache2, apr-util, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vnc4	Not in release	Not in release	Not in release	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Not affected	Not affected	Not affected	Not affected

CVE-2019-15903

Medium priority

Some fixes available 59 of 199

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...

32 affected packages

insighttoolkit4, cadaver, insighttoolkit, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
chromium-browser	Fixed	Fixed	Fixed	Fixed
sitecopy	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Vulnerable
firefox	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
libxmltok	Fixed	Fixed	Fixed	Fixed
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
vnc4	Not in release	Not in release	Not in release	Vulnerable
expat	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
thunderbird	Fixed	Fixed	Fixed	Fixed
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release

CVE-2018-20843

Low priority

Some fixes available 26 of 127

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, ghostscript, libparagui1.1, poco, sitecopy...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Vulnerable
firefox	Not affected	Not affected	Not in release	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Fixed	Fixed	Fixed	Fixed
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release

CVE-2017-12618

Low priority

Some fixes available 2 of 4

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to...

1 affected package

apr-util

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apr-util	—	Not affected	Not affected	Not affected

CVE-2016-6312

Low priority

Not affected

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with...

1 affected package

apr-util

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apr-util	—	—	—	—

CVE-2017-9233

Medium priority

Some fixes available 7 of 102

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
firefox	Not affected	Not affected	Not in release	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not in release	Not affected
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Not affected	Not affected	Not affected	Not affected

CVE-2016-5300

Medium priority

Some fixes available 5 of 101

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, cmake, poco, sitecopy...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ghostscript	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
libxmltok	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release

CVE-2015-1283

Medium priority

Some fixes available 42 of 255

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

cmake, ghostscript, texlive-bin, libparagui1.1, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release
chromium-browser	Fixed	Fixed	Fixed	Fixed
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
oxide-qt	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
libxmltok	Fixed	Fixed	Fixed	Fixed
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page: