Search CVE reports


Toggle filters

31 – 40 of 451 results


CVE-2024-28182

Medium priority
Fixed

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep...

1 affected package

nghttp2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nghttp2 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-28757

Medium priority

Some fixes available 2 of 74

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Not affected Fixed Ignored Ignored Ignored
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Ignored Ignored Ignored Ignored Ignored
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2023-52426

Medium priority

Some fixes available 2 of 50

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not affected Ignored Ignored
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Ignored Ignored
vnc4 Not in release Not in release Not in release Not affected Not affected
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Not affected Not affected Not affected Not affected
Show all 23 packages Show less packages

CVE-2023-52425

Medium priority

Some fixes available 4 of 77

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation Needs evaluation
expat Fixed Fixed Ignored Ignored Ignored
firefox Not affected Not affected Not affected Ignored Ignored
gdcm Not affected Not affected Not affected Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libxmltok Ignored Ignored Ignored Ignored Ignored
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Ignored Ignored
vnc4 Not in release Not in release Not in release Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2020-36773

Medium priority
Not affected

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a...

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-46751

Medium priority
Fixed

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2023-44487

High priority

Some fixes available 18 of 56

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotnet6 Not in release Fixed Not in release Not in release Not in release
dotnet7 Not in release Fixed Not in release Not in release Not in release
dotnet8 Fixed Not affected Not in release Not in release Not in release
h2o Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
haproxy Not affected Not affected Not affected Fixed Not affected
netty Not affected Fixed Fixed Not affected Not affected
nghttp2 Not affected Fixed Fixed Fixed Fixed
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
trafficserver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 13 packages Show less packages

CVE-2023-43115

Medium priority

Some fixes available 4 of 6

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been...

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Ignored Ignored
Show less packages

CVE-2023-4042

Medium priority
Not affected

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-21890

Medium priority
Fixed

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Fixed Fixed Fixed
Show less packages