Search CVE reports
91 – 100 of 498 results
Some fixes available 2 of 3
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in...
1 affected package
lighttpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lighttpd | Not affected | Not affected | Fixed | Not affected | Not affected |
Some fixes available 15 of 96
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
24 affected packages
firefox, cadaver, coin3, gdcm, libxmltok...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Fixed | Fixed |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| vnc4 | — | — | Not in release | Not in release | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | — | — | Not in release | Not in release | Not in release |
| cableswig | — | — | Not in release | Not in release | Not in release |
| smart | — | — | Not in release | Not in release | Ignored |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | — | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vtk | — | — | Not in release | Not in release | Not in release |
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an...
1 affected package
lighttpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lighttpd | Not affected | Not affected | Vulnerable | Vulnerable | Not affected |
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
6 affected packages
libvncserver, tightvnc, veyon, x11vnc, italc, vino
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libvncserver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| veyon | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Not in release |
| x11vnc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| italc | — | — | Not in release | Not in release | Ignored |
| vino | Not in release | Not affected | Not affected | Not affected | Not affected |
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Fixed | Fixed |
Some fixes available 1 of 2
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Fixed | Not affected | Not affected |
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read...
1 affected package
lighttpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lighttpd | Not affected | Not affected | Not affected | Not affected | Not affected |
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Not affected | Fixed |
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 41
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...
7 affected packages
insighttoolkit4, openjpeg2, ghostscript, blender, openjpeg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |