Search CVE reports
91 – 97 of 97 results
Some fixes available 83 of 542
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML...
41 affected packages
apache2, apr-util, expat, cmake, celementtree...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed |
| cmake | Not affected | Not affected | Not affected | Not affected |
| celementtree | Not in release | Not in release | Not in release | Not in release |
| paraview | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
| tla | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| sitecopy | Not in release | Not affected | Not affected | Not affected |
| wbxml2 | Not affected | Not affected | Not affected | Not affected |
| xulrunner | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| wxwindows2.4 | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| grmonitor | Not in release | Not in release | Not in release | Not in release |
| tdom | Not affected | Not affected | Not affected | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release |
| coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-xml | Not in release | Not in release | Not in release | Not in release |
| python2.4 | Not in release | Not in release | Not in release | Not in release |
| python2.5 | Not in release | Not in release | Not in release | Not in release |
| python2.6 | Not in release | Not in release | Not in release | Not in release |
| w3c-libwww | Not in release | Not in release | Not in release | Not in release |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Fixed | Fixed | Fixed | Fixed |
| xotcl | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected |
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle...
1 affected package
apr
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apr | — | — | — | — |
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly...
3 affected packages
apache2, apr, apr-util
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
| apr | — | — | — | — |
| apr-util | — | — | — | — |
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
2 affected packages
apache2, apr-util
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service...
2 affected packages
apache2, apr-util
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the...
2 affected packages
apache2, apr-util
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack...
1 affected package
libapreq2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libapreq2 | — | — | — | — |