Search CVE reports

Toggle filters

31 – 40 of 43 results

CVE-2016-4472

Medium priority

Some fixes available 7 of 174

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this...

26 affected packages

libparagui1.1, poco, sitecopy, ayttm, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
audacity Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
matanza Ignored Ignored Ignored Ignored
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
cableswig Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
tdom Not affected Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
xotcl Not affected Not affected Not affected Not affected
Show all 26 packages Show less packages

CVE-2016-0718

Medium priority

Some fixes available 32 of 199

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

28 affected packages

libparagui1.1, ayttm, audacity, firefox, thunderbird...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libparagui1.1 Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not in release Not affected
thunderbird Not affected Not affected Not in release Not affected
expat Fixed Fixed Fixed Fixed
vnc4 Not in release Not in release Not in release Ignored
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
xotcl Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
wbxml2 Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Fixed Fixed Fixed Fixed
Show all 28 packages Show less packages

CVE-2015-1283

Medium priority

Some fixes available 41 of 248

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

cmake, ghostscript, texlive-bin, libparagui1.1, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
cableswig Not in release Not in release Not in release Not in release
chromium-browser Fixed Fixed Fixed Fixed
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
oxide-qt Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Vulnerable
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
libxmltok Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
wxwidgets2.8 Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
Show all 33 packages Show less packages

CVE-2013-0341

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

40 affected packages

tdom, apache2, apr-util, audacity, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tdom
apache2
apr-util
audacity
ayttm
cableswig
cadaver
celementtree
cmake
coin3
expat
gdcm
ghostscript
grmonitor
insighttoolkit
kompozer
libparagui1.1
matanza
paraview
poco
python-xml
python2.4
python2.5
python2.6
simgear
sitecopy
smart
swish-e
texlive-bin
tla
vnc4
vtk
w3c-libwww
wbxml2
wxwidgets2.6
wxwidgets2.8
wxwindows2.4
xmlrpc-c
xotcl
xulrunner
Show all 40 packages Show less packages

CVE-2013-0340

Medium priority
Ignored

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
apr-util
audacity
ayttm
cableswig
cadaver
celementtree
cmake
coin3
expat
gdcm
ghostscript
grmonitor
insighttoolkit
kompozer
libparagui1.1
matanza
paraview
poco
python-xml
python2.4
python2.5
python2.6
simgear
sitecopy
smart
swish-e
tdom
texlive-bin
tla
vnc4
vtk
w3c-libwww
wbxml2
wxwidgets2.6
wxwidgets2.8
wxwindows2.4
xmlrpc-c
xotcl
xulrunner
Show all 40 packages Show less packages

CVE-2012-6702

Medium priority

Some fixes available 5 of 104

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

apache2, cmake, ghostscript, paraview, libparagui1.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
paraview Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected
expat Not affected Not affected Not affected Not affected
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
matanza Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
swish-e Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
Show all 32 packages Show less packages

CVE-2012-1148

Low priority

Some fixes available 44 of 403

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

poco, celementtree, python-xml, paraview, kompozer...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
poco Not affected Not affected Not affected Not affected
celementtree Not in release Not in release Not in release Not in release
python-xml Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
python2.4 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
w3c-libwww Not in release Not in release Not in release Not in release
wxwidgets2.6 Not in release Not in release Not in release Not in release
sitecopy Not in release Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored
libxmltok Fixed Fixed Fixed Fixed
xotcl Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable
gdcm Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
grmonitor Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release
xmlrpc-c Fixed Fixed Fixed Fixed
Show all 41 packages Show less packages

CVE-2012-1147

Low priority
Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

expat, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected
apr-util Ignored
audacity Not affected
ayttm Not in release
cableswig Not in release
cadaver Not affected
coin3 Not affected
gdcm Not affected
insighttoolkit Not in release
matanza Not affected
paraview Not affected
poco Not affected
simgear Not affected
sitecopy Not affected
swish-e Not affected
tdom Not affected
texlive-bin Ignored
tla Not affected
vnc4 Ignored
vtk Not in release
wbxml2 Not affected
wxwidgets2.8 Not in release
apache2 Ignored
celementtree Not in release
cmake Ignored
ghostscript Ignored
grmonitor Not in release
kompozer Not in release
libparagui1.1 Not in release
python-xml Not in release
python2.4 Not in release
python2.5 Not in release
python2.6 Not in release
smart Ignored
w3c-libwww Not in release
wxwidgets2.6 Not in release
wxwindows2.4 Not in release
xmlrpc-c Ignored
xotcl Not affected
xulrunner Not in release
Show all 40 packages Show less packages

CVE-2012-0876

Medium priority

Some fixes available 37 of 392

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

cmake, paraview, python-xml, libparagui1.1, poco...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected
paraview Not affected Not affected Not affected Not affected
python-xml Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
vnc4 Not in release Not in release Not in release Ignored
w3c-libwww Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
wxwindows2.4 Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Vulnerable
gdcm Not affected Not affected Not affected Not affected
grmonitor Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
celementtree Not in release Not in release Not in release Not in release
ghostscript Not affected Not affected Not affected Not affected
python2.4 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
python2.6 Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
xmlrpc-c Fixed Fixed Fixed Fixed
xulrunner Not in release Not in release Not in release Not in release
Show all 41 packages Show less packages

CVE-2011-2188

Medium priority
Ignored

LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of...

1 affected package

lua-expat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua-expat
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON