Search CVE reports

21 – 30 of 52 results

Detailed view

Sort by:

CVE-2022-43680

Medium priority

Some fixes available 13 of 96

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	—	Not in release	Not in release	Not in release
cableswig	—	—	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	—	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	—	—	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	—	—	Not in release	Not in release	Needs evaluation
vtk	—	—	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-40674

Medium priority

Some fixes available 15 of 114

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	—	Not in release	Not in release	Not in release
cableswig	—	—	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	—	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	—	—	Not in release	Not in release	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	—	—	Not in release	Not in release	Needs evaluation
vtk	—	—	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25315

Medium priority

Some fixes available 23 of 113

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25314

Medium priority

Some fixes available 21 of 111

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25313

Medium priority

Some fixes available 23 of 113

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25236

High priority

Some fixes available 45 of 105

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Fixed
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Fixed	Fixed	Fixed	Fixed	Fixed
tdom	Not affected	Not affected	Not affected	Not affected	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Not affected	Fixed	Fixed	Fixed	Fixed

CVE-2022-25235

High priority

Some fixes available 45 of 105

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Fixed
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Fixed	Fixed	Fixed	Fixed	Fixed
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Needs evaluation	Not affected
xmlrpc-c	Not affected	Fixed	Fixed	Fixed	Fixed

CVE-2022-23990

Medium priority

Some fixes available 23 of 99

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected

CVE-2022-23852

Medium priority

Some fixes available 23 of 101

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Not affected	Not affected

CVE-2022-22827

Medium priority

Some fixes available 34 of 129

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Fixed	Fixed	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page: