Search CVE reports


31 – 40 of 50 results


CVE-2021-46143

Medium priority

Some fixes available 36 of 266

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apr-util, audacity, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apr-util Not affected Not affected Not affected Not affected
audacity Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Ignored Ignored
cmake Not affected Not affected Not affected Not affected
coda Needs evaluation Needs evaluation Ignored
coin3 Not affected Not affected Not affected Ignored
emboss Needs evaluation Needs evaluation Ignored Ignored
expat Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
harp Needs evaluation Needs evaluation Ignored
ibm-3270 Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit5 Needs evaluation Needs evaluation
libsynthesis Needs evaluation Needs evaluation Ignored Ignored
mame Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
opencollada Needs evaluation Needs evaluation Ignored Ignored
paraview Needs evaluation Needs evaluation Ignored Ignored
poco Needs evaluation Needs evaluation Ignored Ignored
python2.7 Not in release Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
python3.8 Not in release Not in release Not affected Not affected
python3.9 Not in release Not in release Not affected Not in release
thunderbird Not affected Not affected Not in release Ignored
qtwebengine-opensource-src Needs evaluation Needs evaluation Ignored Ignored
sitecopy Not in release Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Ignored Ignored
texlive-bin Not affected Not affected Not affected Not affected
tla Needs evaluation Needs evaluation Ignored Ignored
visp Needs evaluation Needs evaluation Ignored
vnc4 Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Ignored Ignored
xmlrpc
xmlrpc-c Needs evaluation Needs evaluation Ignored Ignored
xsd Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected
astropy Needs evaluation Needs evaluation Ignored Ignored

CVE-2021-45960

Low priority

Some fixes available 24 of 122

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

24 affected packages

vnc4, apache2, apr-util, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
vnc4 Not in release Not in release Not in release Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not in release Ignored
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Not affected Not affected Not affected Not affected

CVE-2019-15903

Medium priority

Some fixes available 59 of 199

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...

32 affected packages

insighttoolkit4, cadaver, insighttoolkit, audacity, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
insighttoolkit4 Not in release Not affected Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
chromium-browser Fixed Fixed Fixed Fixed
sitecopy Not in release Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Vulnerable
firefox Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
libxmltok Fixed Fixed Fixed Fixed
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Vulnerable
expat Not affected Not affected Not affected Fixed
gdcm Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected
thunderbird Fixed Fixed Fixed Fixed
wxwidgets2.8 Not in release Not in release Not in release Not in release

CVE-2018-20843

Low priority

Some fixes available 26 of 127

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, ghostscript, libparagui1.1, poco, sitecopy...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
audacity Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Vulnerable
firefox Not affected Not affected Not in release Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not in release Not affected
vtk Not in release Not in release Not in release Not in release
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wxwidgets2.8 Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Vulnerable
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release

CVE-2017-11742

Medium priority
Not affected

The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of...

1 affected package

expat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat

CVE-2017-9233

Medium priority

Some fixes available 7 of 102

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
expat Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
texlive-bin Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Needs evaluation
cableswig Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
firefox Not affected Not affected Not in release Not affected
simgear Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not in release Not affected
wxwidgets2.8 Not in release Not in release Not in release Not in release
xmlrpc-c Not affected Not affected Not affected Not affected

CVE-2016-5300

Medium priority

Some fixes available 5 of 101

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, cmake, poco, sitecopy...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
cadaver Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
ghostscript Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
expat Not affected Not affected Not affected Not affected
libxmltok Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
swish-e Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release

CVE-2016-4472

Medium priority

Some fixes available 7 of 180

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this...

26 affected packages

ayttm, poco, libparagui1.1, sitecopy, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ayttm Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
sitecopy Not in release Not affected Not affected Not affected
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
audacity Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
matanza Ignored Ignored Ignored Ignored
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
cableswig Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
tdom Not affected Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
xotcl Not affected Not affected Not affected Not affected

CVE-2016-0718

Medium priority

Some fixes available 33 of 206

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

28 affected packages

ayttm, libparagui1.1, audacity, firefox, thunderbird...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ayttm Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not in release Not affected
thunderbird Not affected Not affected Not in release Not affected
expat Fixed Fixed Fixed Fixed
vnc4 Not in release Not in release Not in release Ignored
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
xotcl Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
wbxml2 Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Fixed Fixed Fixed Fixed

CVE-2015-1283

Medium priority

Some fixes available 42 of 255

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

cmake, ghostscript, texlive-bin, libparagui1.1, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
cableswig Not in release Not in release Not in release Not in release
chromium-browser Fixed Fixed Fixed Fixed
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
oxide-qt Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Vulnerable
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
libxmltok Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
wxwidgets2.8 Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected