Search CVE reports


31 – 37 of 37 results


CVE-2016-0718

Medium priority

Some fixes available 32 of 199

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

28 affected packages

expat, wxwidgets2.8, wxwidgets2.6, vnc4, xotcl...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed
wxwidgets2.8 Not in release Not in release Not in release Not in release
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Ignored
xotcl Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
firefox Not affected Not affected Not in release Not affected
thunderbird Not affected Not affected Not in release Not affected
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Fixed Fixed Fixed Fixed
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2015-1283

Medium priority

Some fixes available 41 of 248

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

chromium-browser, oxide-qt, expat, apache2, apr-util...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Fixed Fixed Fixed Fixed
oxide-qt Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
wxwidgets2.8 Not in release Not in release Not in release Not in release
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Vulnerable
xotcl Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Fixed Fixed Fixed Fixed
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2012-6702

Medium priority

Some fixes available 5 of 104

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
wxwidgets2.8 Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Ignored
xotcl Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
swish-e Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected
matanza Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
libxmltok Not affected Not affected Not affected Not affected
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
audacity Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected

CVE-2012-1148

Low priority

Some fixes available 44 of 403

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

expat, apache2, apr-util, celementtree, cmake...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
celementtree Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
python2.4 Not in release Not in release Not in release Not in release
python-xml Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Fixed Fixed Fixed Fixed
wxwidgets2.8 Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Ignored
xotcl Not affected Not affected Not affected Not affected
w3c-libwww Not in release Not in release Not in release Not in release
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
grmonitor Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Vulnerable
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
matanza Ignored Ignored Ignored Ignored
libxmltok Fixed Fixed Fixed Fixed
audacity Not affected Not affected Not affected Not affected
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2012-0876

Medium priority

Some fixes available 37 of 392

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

expat, apache2, apr-util, celementtree, cmake...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
celementtree Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
python2.4 Not in release Not in release Not in release Not in release
python-xml Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Fixed Fixed Fixed Fixed
wxwidgets2.8 Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Ignored
xotcl Not affected Not affected Not affected Not affected
w3c-libwww Not in release Not in release Not in release Not in release
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
grmonitor Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Vulnerable
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
libxmltok Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
audacity Not affected Not affected Not affected Not affected
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2009-3720

Low priority

Some fixes available 81 of 535

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML...

41 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
celementtree Not in release Not in release Not in release Not in release
python2.4 Not in release Not in release Not in release Not in release
python-xml Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Fixed Fixed Fixed Fixed
wxwidgets2.8 Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Not affected
xotcl Not affected Not affected Not affected Not affected
w3c-libwww Not in release Not in release Not in release Not in release
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
grmonitor Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Not affected Not affected Not affected Not affected
audacity Not affected Not affected Not affected Not affected
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
sitecopy Not in release Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2009-3560

Medium priority

Some fixes available 81 of 503

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed...

41 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
celementtree Not in release Not in release Not in release Not in release
python2.4 Not in release Not in release Not in release Not in release
python-xml Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Fixed Fixed Fixed Fixed
wxwidgets2.8 Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Not affected
xotcl Not affected Not affected Not affected Not affected
w3c-libwww Not in release Not in release Not in release Not in release
tla Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected
wxwindows2.4 Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
grmonitor Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Vulnerable
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
sitecopy Not in release Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation