Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 277 results


CVE-2024-45492

Medium priority

Some fixes available 6 of 55

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45491

Medium priority

Some fixes available 11 of 60

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45490

Medium priority

Some fixes available 11 of 60

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-24199

Medium priority
Needs evaluation

smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.

1 affected packages

smartdns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smartdns Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-24198

Medium priority
Needs evaluation

smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.

1 affected packages

smartdns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smartdns Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2023-49441

Low priority

Some fixes available 4 of 5

dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.

1 affected packages

dnsmasq

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dnsmasq Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-36041

Medium priority

Some fixes available 4 of 6

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same...

1 affected packages

plasma-workspace

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
plasma-workspace Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-35226

Medium priority
Needs evaluation

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag....

2 affected packages

smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-28757

Medium priority

Some fixes available 2 of 67

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Not affected Fixed Ignored Ignored Ignored
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Ignored Ignored Ignored Ignored Ignored
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2023-50868

Medium priority

Some fixes available 17 of 38

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random...

7 affected packages

bind9, bind9-libs, dnsmasq, isc-dhcp, knot-resolver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
bind9-libs Not in release Needs evaluation Needs evaluation Not in release Not in release
dnsmasq Fixed Fixed Fixed Fixed Fixed
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
knot-resolver Vulnerable Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pdns-recursor Vulnerable Needs evaluation Needs evaluation Needs evaluation Needs evaluation
unbound Fixed Fixed Fixed Needs evaluation Needs evaluation
Show all 7 packages Show less packages