Search CVE reports

71 – 80 of 88 results

Detailed view

Sort by:

CVE-2013-1912

Medium priority

Some fixes available 4 of 6

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	—	—	—	—	—

CVE-2012-6702

Medium priority

Some fixes available 5 of 103

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Not affected	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2012-1147

Low priority

Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	Ignored	Ignored
apr-util	—	—	—	Ignored	Ignored
audacity	—	—	—	Not affected	Not affected
ayttm	—	—	—	Not in release	Not affected
cableswig	—	—	—	Not in release	Not affected
cadaver	—	—	—	Not affected	Not affected
celementtree	—	—	—	Not in release	Not in release
cmake	—	—	—	Ignored	Ignored
coin3	—	—	—	Not affected	Not affected
expat	—	—	—	Not affected	Not affected
gdcm	—	—	—	Not affected	Not affected
ghostscript	—	—	—	Ignored	Ignored
grmonitor	—	—	—	Not in release	Not in release
insighttoolkit	—	—	—	Not in release	Not affected
kompozer	—	—	—	Not in release	Not in release
libparagui1.1	—	—	—	Not in release	Not in release
matanza	—	—	—	Not affected	Not affected
paraview	—	—	—	Not affected	Not affected
poco	—	—	—	Not affected	Not affected
python-xml	—	—	—	Not in release	Not in release
python2.4	—	—	—	Not in release	Not in release
python2.5	—	—	—	Not in release	Not in release
python2.6	—	—	—	Not in release	Not in release
simgear	—	—	—	Not affected	Not affected
sitecopy	—	—	—	Not affected	Not affected
smart	—	—	—	Ignored	Ignored
swish-e	—	—	—	Not affected	Not affected
tdom	—	—	—	Not affected	Not affected
texlive-bin	—	—	—	Ignored	Ignored
tla	—	—	—	Not affected	Not affected
vnc4	—	—	—	Ignored	Ignored
vtk	—	—	—	Not in release	Not affected
w3c-libwww	—	—	—	Not in release	Not in release
wbxml2	—	—	—	Not affected	Not affected
wxwidgets2.6	—	—	—	Not in release	Not in release
wxwidgets2.8	—	—	—	Not in release	Not in release
wxwindows2.4	—	—	—	Not in release	Not in release
xmlrpc-c	—	—	—	Ignored	Ignored
xotcl	—	—	—	Not affected	Not affected
xulrunner	—	—	—	Not in release	Not in release

CVE-2012-1148

Low priority

Some fixes available 40 of 398

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
celementtree	Not in release	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
paraview	Not affected	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
w3c-libwww	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2012-0876

Medium priority

Some fixes available 36 of 388

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
celementtree	Not in release	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
paraview	Not affected	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
w3c-libwww	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2012-2942

Low priority

Some fixes available 4 of 7

Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	—	—	—	—	—

CVE-2012-0840

Low priority

Ignored

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial...

1 affected packages

apr

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apr	—	—	—	—	—

CVE-2011-1928

Medium priority

Fixed

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does...

2 affected packages

apache2, apr

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	—
apr	—	—	—	—	—

CVE-2011-0419

Medium priority

Fixed

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD...

2 affected packages

apache2, apr

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	—
apr	—	—	—	—	—

CVE-2010-1623

Medium priority

Some fixes available 6 of 7

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other...

2 affected packages

apache2, apr-util

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	—
apr-util	—	—	—	—	—

Export to JSON

Results by page: