Search CVE reports

41 – 50 of 51 results

Detailed view

Sort by:

CVE-2015-0255

Medium priority

Some fixes available 29 of 43

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value...

7 affected packages

vnc4, xorg-server-lts-raring, xorg-server-lts-utopic, xorg-server, xorg-server-lts-quantal...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vnc4	Not in release	Not in release	Not in release	Vulnerable
xorg-server-lts-raring	Not in release	Not in release	Not in release	Not in release
xorg-server-lts-utopic	Not in release	Not in release	Not in release	Not in release
xorg-server	Fixed	Fixed	Fixed	Fixed
xorg-server-lts-quantal	Not in release	Not in release	Not in release	Not in release
xorg-server-lts-saucy	Not in release	Not in release	Not in release	Not in release
xorg-server-lts-trusty	Not in release	Not in release	Not in release	Not in release

CVE-2013-0340

Medium priority

Ignored

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

gdcm, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gdcm	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
tdom	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2013-0341

Medium priority

Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

40 affected packages

tdom, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tdom	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2012-6702

Medium priority

Some fixes available 5 of 107

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

ayttm, apache2, cmake, ghostscript, paraview...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
apache2	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libxmltok	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
matanza	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected

CVE-2012-1147

Low priority

Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

expat, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
expat	—	—	—	Not affected
apr-util	—	—	—	Ignored
audacity	—	—	—	Not affected
ayttm	—	—	—	Not in release
cableswig	—	—	—	Not in release
cadaver	—	—	—	Not affected
coin3	—	—	—	Not affected
gdcm	—	—	—	Not affected
insighttoolkit	—	—	—	Not in release
matanza	—	—	—	Not affected
paraview	—	—	—	Not affected
poco	—	—	—	Not affected
simgear	—	—	—	Not affected
sitecopy	—	—	—	Not affected
swish-e	—	—	—	Not affected
tdom	—	—	—	Not affected
texlive-bin	—	—	—	Ignored
tla	—	—	—	Not affected
vnc4	—	—	—	Ignored
vtk	—	—	—	Not in release
wbxml2	—	—	—	Not affected
wxwidgets2.8	—	—	—	Not in release
apache2	—	—	—	Ignored
celementtree	—	—	—	Not in release
cmake	—	—	—	Ignored
ghostscript	—	—	—	Ignored
grmonitor	—	—	—	Not in release
kompozer	—	—	—	Not in release
libparagui1.1	—	—	—	Not in release
python-xml	—	—	—	Not in release
python2.4	—	—	—	Not in release
python2.5	—	—	—	Not in release
python2.6	—	—	—	Not in release
smart	—	—	—	Ignored
w3c-libwww	—	—	—	Not in release
wxwidgets2.6	—	—	—	Not in release
wxwindows2.4	—	—	—	Not in release
xmlrpc-c	—	—	—	Ignored
xotcl	—	—	—	Not affected
xulrunner	—	—	—	Not in release

CVE-2012-1148

Low priority

Some fixes available 45 of 407

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

ayttm, poco, celementtree, python-xml, paraview...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
python-xml	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
audacity	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
matanza	Ignored	Ignored	Ignored	Ignored
libxmltok	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
grmonitor	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
python2.6	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed

CVE-2012-0876

Medium priority

Some fixes available 38 of 396

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

cmake, paraview, python-xml, libparagui1.1, poco...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cmake	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
w3c-libwww	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
ghostscript	Not affected	Not affected	Not affected	Not affected
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed
xulrunner	Not in release	Not in release	Not in release	Not in release

CVE-2009-3560

Medium priority

Some fixes available 83 of 502

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed...

41 affected packages

vtk, apache2, python-xml, paraview, poco...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vtk	Not in release	Not in release	Not in release	Not in release
apache2	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
libxmltok	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Ignored	Ignored
coin3	Not affected	Not affected	Not affected	Vulnerable
apr-util	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not affected
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release

CVE-2009-3720

Low priority

Some fixes available 83 of 535

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML...

41 affected packages

apache2, apr-util, expat, cmake, celementtree...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
cmake	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not affected
poco	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
libxmltok	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
tla	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
gdcm	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable
swish-e	Needs evaluation	Needs evaluation	Ignored	Ignored
python-xml	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected

CVE-2008-4770

Medium priority

Ignored

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute...

1 affected package

vnc4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vnc4	—	—	—	—

Export to JSON

Results by page: