Search CVE reports

Toggle filters

11 – 20 of 196 results

CVE-2024-50602

Medium priority

Some fixes available 7 of 74

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

smart, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smart Not in release Not in release Not in release Not in release Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Needs evaluation
expat Not affected Fixed Fixed Fixed Fixed
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vtk Not in release Not in release Not in release Not in release
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
Show all 23 packages Show less packages

CVE-2024-45492

Medium priority

Some fixes available 6 of 73

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

tdom, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Ignored
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
expat Not affected Fixed Fixed Fixed Fixed
Show all 23 packages Show less packages

CVE-2024-45491

Medium priority

Some fixes available 13 of 80

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, cmake, ghostscript, texlive-bin...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release
libxmltok Not in release Fixed Fixed Fixed Fixed
expat Not affected Fixed Fixed Fixed Fixed
Show all 23 packages Show less packages

CVE-2024-45490

Medium priority

Some fixes available 13 of 80

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release
libxmltok Not in release Fixed Fixed Fixed Fixed
Show all 23 packages Show less packages

CVE-2023-46051

Negligible priority
Ignored

TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.

1 affected package

texlive-bin

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
texlive-bin Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-46048

Negligible priority
Ignored

Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.

1 affected package

texlive-bin

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
texlive-bin Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-28757

Medium priority

Some fixes available 2 of 85

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected Not affected Fixed Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected Not in release
thunderbird Not affected Not affected Not affected Not in release
libxmltok Not in release Ignored Ignored Ignored Ignored
Show all 23 packages Show less packages

CVE-2024-25262

Medium priority
Fixed

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.

1 affected package

texlive-bin

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
texlive-bin Not affected Fixed Fixed Fixed
Show less packages

CVE-2023-52426

Medium priority

Some fixes available 5 of 46

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

23 affected packages

tdom, vtk, expat, apache2, apr-util...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vtk Not in release Not in release Not in release Not in release Not in release
expat Fixed Fixed Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Not affected
wbxml2 Needs evaluation Needs evaluation Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Ignored
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Ignored
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
firefox Not affected Not affected Not affected Not in release Ignored
thunderbird Not affected Not affected Not affected Not in release Ignored
libxmltok Not in release Not affected Not affected Not affected Not affected
Show all 23 packages Show less packages

CVE-2023-52425

Medium priority

Some fixes available 7 of 57

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Ignored
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Ignored
matanza Ignored Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vtk Not in release Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not in release Not affected
firefox Not affected Not affected Not affected Not in release Ignored
thunderbird Not affected Not affected Not affected Not in release Ignored
libxmltok Not in release Ignored Ignored Ignored Ignored
Show all 23 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON