Search CVE reports

Toggle filters

21 – 30 of 49 results

CVE-2022-25314

Medium priority

Some fixes available 19 of 116

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

thunderbird, ayttm, cableswig, cadaver, apache2...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Ignored Ignored Not in release Ignored
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected
firefox Fixed Fixed Not in release Ignored
expat Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2022-25313

Medium priority

Some fixes available 21 of 118

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

ayttm, apache2, apr-util, cmake, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ayttm Not in release Not in release Not in release Not in release
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Needs evaluation
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Ignored Ignored Ignored Ignored
thunderbird Ignored Ignored Not in release Ignored
firefox Fixed Fixed Not in release Ignored
expat Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
libxmltok Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-25236

High priority

Some fixes available 28 of 129

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Ignored Ignored Ignored Ignored
libxmltok Fixed Fixed Fixed Fixed
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Needs evaluation
firefox Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected
thunderbird Ignored Ignored Not in release Ignored
vtk Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25235

High priority

Some fixes available 28 of 129

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

firefox, smart, vtk, thunderbird, apache2...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Not in release Ignored
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
thunderbird Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Fixed Fixed Fixed Fixed
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Ignored Ignored Ignored Ignored
coin3 Not affected Not affected Not affected Needs evaluation
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-23990

Medium priority

Some fixes available 21 of 95

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, insighttoolkit, swish-e, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
swish-e Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Vulnerable Vulnerable
vtk Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored
expat Fixed Fixed Fixed Fixed
wbxml2 Needs evaluation Needs evaluation Vulnerable Vulnerable
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Not affected Not affected
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable
firefox Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
libxmltok Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Not in release Ignored
vnc4 Not in release Not in release Not in release Not affected
xmlrpc-c Needs evaluation Needs evaluation Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-23852

Medium priority

Some fixes available 21 of 100

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

24 affected packages

apache2, expat, apr-util, cableswig, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed
apr-util Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable
ayttm Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected
firefox Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
matanza Ignored Ignored Not affected Not affected
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Vulnerable Vulnerable
thunderbird Ignored Ignored Not in release Ignored
texlive-bin Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Vulnerable
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Vulnerable Vulnerable
xmlrpc-c Needs evaluation Needs evaluation Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-22827

Medium priority

Some fixes available 32 of 135

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

expat, apache2, apr-util, ayttm, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
libxmltok Fixed Fixed Fixed Fixed
insighttoolkit4 Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
thunderbird Not affected Fixed Fixed Ignored
texlive-bin Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2022-22826

Medium priority

Some fixes available 32 of 135

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

cmake, expat, vtk, apache2, apr-util...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed
vtk Not in release Not in release Not in release Not in release
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Needs evaluation
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Fixed Fixed Ignored
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2022-22825

Medium priority

Some fixes available 32 of 135

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

coin3, apache2, apr-util, ayttm, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coin3 Not affected Not affected Not affected Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cableswig Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Fixed Fixed Ignored
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages

CVE-2022-22824

Medium priority

Some fixes available 32 of 135

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

expat, ayttm, apache2, apr-util, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed
ayttm Not in release Not in release Not in release Not in release
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Fixed Fixed Ignored
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 24 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON