Search CVE reports

Toggle filters

101 – 110 of 498 results

CVE-2021-3575

Low priority

Some fixes available 9 of 57

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...

7 affected packages

openjpeg2, blender, ghostscript, insighttoolkit4, openjpeg...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openjpeg2 Fixed Fixed Fixed Fixed Fixed
blender Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Ignored
openjpeg Not in release Not in release Not in release Not in release Not in release
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texmaker Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 7 packages Show less packages

CVE-2022-25315

Medium priority

Some fixes available 23 of 97

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

cadaver, apache2, apr-util, ayttm, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25314

Medium priority

Some fixes available 21 of 95

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

thunderbird, ayttm, cableswig, cadaver, apache2...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Ignored Ignored Ignored Not in release Ignored
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
firefox Fixed Fixed Fixed Not in release Ignored
expat Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-25313

Medium priority

Some fixes available 23 of 97

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

ayttm, apache2, apr-util, cmake, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ayttm Not in release Not in release Not in release Not in release Not in release
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
thunderbird Ignored Ignored Ignored Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
firefox Fixed Fixed Fixed Not in release Ignored
cableswig Not in release Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25236

High priority

Some fixes available 30 of 112

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed Fixed
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored Ignored
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
coin3 Not affected Not affected Not affected Not affected Ignored
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
thunderbird Ignored Ignored Ignored Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25235

High priority

Some fixes available 30 of 112

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

firefox, smart, vtk, thunderbird, apache2...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Not in release Ignored
smart Not in release Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release Not in release
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
expat Fixed Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Fixed Fixed Fixed Fixed
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
coin3 Not affected Not affected Not affected Not affected Ignored
matanza Ignored Ignored Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-23967

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15679. Reason: This candidate is a duplicate of CVE-2019-15679. Notes: All CVE users should reference CVE-2019-15679 instead of this candidate. All references...

1 affected package

tightvnc

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tightvnc Not affected Not affected Not affected
Show less packages

CVE-2022-23990

Medium priority

Some fixes available 23 of 102

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, insighttoolkit, swish-e, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
swish-e Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
vtk Not in release Not in release Not in release Not in release Not in release
expat Fixed Fixed Fixed Fixed Fixed
wbxml2 Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Vulnerable
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
libxmltok Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Not in release Ignored
vnc4 Not in release Not in release Not in release Not in release Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-23852

Medium priority

Some fixes available 23 of 106

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

24 affected packages

apache2, expat, apr-util, cadaver, coin3...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed Fixed
apr-util Not affected Not affected Not affected Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Vulnerable
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
thunderbird Ignored Ignored Ignored Not in release Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Vulnerable
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
Show all 24 packages Show less packages

CVE-2021-46244

Negligible priority
Vulnerable

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

8 affected packages

hdf5, insighttoolkit4, kissplice, paraview, r-bloc-rhdf5...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
hdf5 Not affected Vulnerable Vulnerable Vulnerable Vulnerable
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Ignored
kissplice Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
paraview Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
r-bloc-rhdf5
vtk
vtk6 Ignored Ignored
xdmf Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 8 packages Show less packages
  1. Previous page
  2. 9
  3. 10
  4. 11
  5. 12
  6. 13
  7. Next page
Export to JSON