Search CVE reports


Toggle filters

61 – 70 of 451 results


CVE-2022-25314

Medium priority

Some fixes available 15 of 100

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Not affected
firefox Fixed Fixed Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Ignored Ignored
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2022-25313

Medium priority

Some fixes available 17 of 102

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Ignored Ignored
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2022-25236

High priority

Some fixes available 21 of 112

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
libxmltok Vulnerable Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Ignored Ignored
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 24 packages Show less packages

CVE-2022-25235

High priority

Some fixes available 21 of 112

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
libxmltok Vulnerable Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Ignored Ignored
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 24 packages Show less packages

CVE-2022-23990

Medium priority

Some fixes available 17 of 79

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not affected
cableswig Not in release Not in release Not in release Not in release Not affected
cadaver Needs evaluation Needs evaluation Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable Vulnerable
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected Not affected
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Vulnerable Vulnerable Vulnerable
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Not affected Not affected Not affected
tdom Needs evaluation Needs evaluation Vulnerable Vulnerable Vulnerable
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Ignored Ignored
vnc4 Not in release Not in release Not in release Not affected Not affected
vtk Not in release Not in release Not in release Not in release Not affected
wbxml2 Needs evaluation Needs evaluation Vulnerable Vulnerable Vulnerable
xmlrpc-c Needs evaluation Needs evaluation Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-23852

Medium priority

Some fixes available 17 of 84

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not affected
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable Vulnerable
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Vulnerable
insighttoolkit4 Not in release Not affected Not affected Not affected Vulnerable
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Not affected Not affected Not affected
tdom Needs evaluation Needs evaluation Vulnerable Vulnerable Vulnerable
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Ignored Ignored
vnc4 Not in release Not in release Not in release Vulnerable Vulnerable
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Vulnerable Vulnerable Vulnerable
xmlrpc-c Needs evaluation Needs evaluation Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2021-46244

Low priority
Needs evaluation

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

8 affected packages

hdf5, insighttoolkit4, kissplice, paraview, r-bloc-rhdf5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kissplice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
r-bloc-rhdf5 Ignored
vtk Needs evaluation
vtk6 Needs evaluation Needs evaluation Needs evaluation
xdmf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2021-46243

Medium priority
Needs evaluation

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

6 affected packages

hdf5, insighttoolkit4, kissplice, paraview, vtk, xdmf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kissplice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Needs evaluation
xdmf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-46242

Medium priority
Needs evaluation

HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.

6 affected packages

hdf5, insighttoolkit4, kissplice, paraview, vtk, xdmf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hdf5 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kissplice Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Needs evaluation
xdmf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-0326

Low priority
Needs evaluation

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

5 affected packages

cargo, groonga, h2o, mruby, nghttp2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Not affected Not affected Not affected Not affected
groonga Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
h2o Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
mruby Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nghttp2 Not affected Not affected Not affected Not affected Not affected
Show less packages