Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

31 – 40 of 69 results

CVE-2021-46143

Medium priority

Some fixes available 24 of 293

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apache2, apr-util, astropy, audacity, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
astropy Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
audacity Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coda Needs evaluation Needs evaluation Needs evaluation Ignored
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
emboss Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
harp Needs evaluation Needs evaluation Needs evaluation Ignored
ibm-3270 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
insighttoolkit5 Needs evaluation Needs evaluation Ignored
libsynthesis Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Vulnerable Fixed Fixed Fixed Fixed
mame Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
opencollada Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
poco Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not in release Not affected Not in release
python3.8 Not in release Not in release Not affected Not affected Not in release
python3.9 Not in release Not in release Not affected Not in release Not in release
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
sitecopy Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Ignored Ignored
tla Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
visp Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xsd Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 50 packages Show less packages

CVE-2021-45833

Medium priority
Needs evaluation

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).

3 affected packages

hdf5, insighttoolkit5, paraview

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit5 Needs evaluation Needs evaluation Ignored
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-45832

Medium priority
Needs evaluation

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).

3 affected packages

hdf5, insighttoolkit5, paraview

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit5 Needs evaluation Needs evaluation Ignored
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-45830

Medium priority
Needs evaluation

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.

3 affected packages

hdf5, insighttoolkit5, paraview

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit5 Needs evaluation Needs evaluation Ignored
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-45829

Medium priority
Needs evaluation

HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.

3 affected packages

hdf5, insighttoolkit5, paraview

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit5 Needs evaluation Needs evaluation Ignored
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-45960

Low priority

Some fixes available 20 of 106

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Ignored Ignored
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2021-29338

Low priority

Some fixes available 4 of 53

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Vulnerable Vulnerable Vulnerable Vulnerable Not in release
texmaker Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 7 packages Show less packages

CVE-2020-27845

Medium priority

Some fixes available 14 of 48

There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Not affected Not affected Not affected Vulnerable Not affected
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
openjpeg Not in release Not in release Not in release Not in release Ignored
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Vulnerable Vulnerable Vulnerable Vulnerable Not in release
texmaker Vulnerable Vulnerable Vulnerable Vulnerable Not affected
Show all 7 packages Show less packages

CVE-2020-27844

Medium priority
Needs evaluation

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat...

6 affected packages

blender, insighttoolkit4, openjpeg, openjpeg2, qtwebengine-opensource-src, texmaker

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Not affected Not affected
qtwebengine-opensource-src Not affected Not affected Not affected Not affected Not in release
texmaker Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-27843

Low priority

Some fixes available 13 of 60

A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Ignored
openjpeg2 Fixed Fixed Fixed Vulnerable Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON