Search CVE reports

1 – 10 of 21 results

Detailed view

Sort by:

CVE-2025-45766

Medium priority

Needs evaluation

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review...

1 affected package

poco

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
poco	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2025-6375

Medium priority

Needs evaluation

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer...

1 affected package

poco

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
poco	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-52389

Medium priority

Needs evaluation

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32...

1 affected package

poco

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
poco	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-46143

Medium priority

Some fixes available 30 of 333

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apr-util, audacity, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apr-util	Not affected	Not affected	Not affected	Not affected
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected
coda	Needs evaluation	Needs evaluation	Needs evaluation	—
coin3	Not affected	Not affected	Not affected	Needs evaluation
emboss	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
libxmltok	Fixed	Fixed	Fixed	Fixed
harp	Needs evaluation	Needs evaluation	Needs evaluation	—
ibm-3270	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit5	Needs evaluation	Needs evaluation	—	—
libsynthesis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
mame	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored
opencollada	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
paraview	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
python2.7	Not in release	Not affected	Not affected	Not affected
python3.10	Not in release	Not affected	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not affected
python3.7	Not in release	Not in release	Not in release	Not affected
python3.8	Not in release	Not in release	Not affected	Not affected
python3.9	Not in release	Not in release	Not affected	Not in release
thunderbird	Not affected	Not affected	Not in release	Ignored
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
sitecopy	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
visp	Needs evaluation	Needs evaluation	—	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc	—	—	—	—
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xsd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected
astropy	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2019-15903

Medium priority

Some fixes available 59 of 199

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...

32 affected packages

insighttoolkit4, cadaver, insighttoolkit, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
chromium-browser	Fixed	Fixed	Fixed	Fixed
sitecopy	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Vulnerable
firefox	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
libxmltok	Fixed	Fixed	Fixed	Fixed
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
vnc4	Not in release	Not in release	Not in release	Vulnerable
expat	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
thunderbird	Fixed	Fixed	Fixed	Fixed
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release

CVE-2018-20843

Low priority

Some fixes available 26 of 127

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, ghostscript, libparagui1.1, poco, sitecopy...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Vulnerable
firefox	Not affected	Not affected	Not in release	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Fixed	Fixed	Fixed	Fixed
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release

CVE-2017-1000472

Medium priority

Some fixes available 2 of 4

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks...

1 affected package

poco

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
poco	—	—	—	Not affected

CVE-2017-9233

Medium priority

Some fixes available 7 of 102

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
firefox	Not affected	Not affected	Not in release	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not in release	Not affected
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Not affected	Not affected	Not affected	Not affected

CVE-2016-5300

Medium priority

Some fixes available 5 of 101

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, cmake, poco, sitecopy...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ghostscript	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
libxmltok	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release

CVE-2016-4472

Medium priority

Some fixes available 7 of 180

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this...

26 affected packages

ayttm, poco, libparagui1.1, sitecopy, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
sitecopy	Not in release	Not affected	Not affected	Not affected
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
audacity	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
tdom	Not affected	Not affected	Not affected	Not affected
libxmltok	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page: