Search CVE reports

41 – 50 of 100 results

Detailed view

Sort by:

CVE-2022-43680

Medium priority

Some fixes available 13 of 96

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	—	Not in release	Not in release	Not in release
cableswig	—	—	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	—	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	—	—	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	—	—	Not in release	Not in release	Needs evaluation
vtk	—	—	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-40674

Medium priority

Some fixes available 15 of 114

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	—	Not in release	Not in release	Not in release
cableswig	—	—	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	—	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	—	—	Not in release	Not in release	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	—	—	Not in release	Not in release	Needs evaluation
vtk	—	—	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-1122

Low priority

Some fixes available 4 of 49

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not in release
openjpeg2	Not affected	Not affected	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-3575

Low priority

Some fixes available 9 of 65

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not in release
openjpeg2	Fixed	Fixed	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25315

Medium priority

Some fixes available 23 of 113

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25314

Medium priority

Some fixes available 21 of 111

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25313

Medium priority

Some fixes available 23 of 113

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25236

High priority

Some fixes available 45 of 105

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Fixed
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Fixed	Fixed	Fixed	Fixed	Fixed
tdom	Not affected	Not affected	Not affected	Not affected	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Not affected	Fixed	Fixed	Fixed	Fixed

CVE-2022-25235

High priority

Some fixes available 45 of 105

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Fixed
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Fixed	Fixed	Fixed	Fixed	Fixed
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Needs evaluation	Not affected
xmlrpc-c	Not affected	Fixed	Fixed	Fixed	Fixed

CVE-2022-23990

Medium priority

Some fixes available 23 of 99

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected

Export to JSON

Results by page: