Search CVE reports


Toggle filters

31 – 40 of 60 results


CVE-2023-52425

Medium priority

Some fixes available 7 of 75

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

23 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Ignored Ignored
firefox Not affected Not affected Not affected Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not in release Ignored Ignored Ignored Ignored
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Not in release Ignored
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release Not in release
Show all 23 packages Show less packages

CVE-2022-43680

Medium priority

Some fixes available 13 of 96

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

24 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-40674

Medium priority

Some fixes available 15 of 114

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

24 affected packages

cadaver, coin3, swish-e, tdom, thunderbird...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
thunderbird Ignored Ignored Ignored Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25315

Medium priority

Some fixes available 23 of 113

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25314

Medium priority

Some fixes available 21 of 111

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25313

Medium priority

Some fixes available 23 of 113

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25236

High priority

Some fixes available 45 of 105

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

swish-e, thunderbird, apache2, apr-util, ayttm...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
swish-e Fixed Fixed Fixed Fixed Fixed
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Fixed
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Not affected Fixed Fixed Fixed Fixed
Show all 24 packages Show less packages

CVE-2022-25235

High priority

Some fixes available 45 of 105

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

swish-e, thunderbird, apache2, apr-util, ayttm...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
swish-e Fixed Fixed Fixed Fixed Fixed
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Fixed
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Needs evaluation Not affected
xmlrpc-c Not affected Fixed Fixed Fixed Fixed
Show all 24 packages Show less packages

CVE-2022-23990

Medium priority

Some fixes available 23 of 99

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
wbxml2 Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
swish-e Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Vulnerable
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-23852

Medium priority

Some fixes available 23 of 101

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

24 affected packages

xmlrpc-c, wbxml2, swish-e, cadaver, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
wbxml2 Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
swish-e Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Vulnerable
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Vulnerable
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages