Search CVE reports

111 – 120 of 196 results

Detailed view

Sort by:

CVE-2022-35450

Negligible priority

Ignored

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1.

1 affected package

texlive-bin

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-35449

Negligible priority

Ignored

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466.

1 affected package

texlive-bin

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-35448

Negligible priority

Ignored

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af.

1 affected package

texlive-bin

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-35447

Negligible priority

Ignored

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de.

1 affected package

texlive-bin

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-33047

Negligible priority

Ignored

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.

1 affected package

texlive-bin

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	—	Not affected	Not affected	Not affected	Not affected

CVE-2021-27548

Negligible priority

Needs evaluation

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

3 affected packages

xpdf, ipe, texlive-bin

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Ignored
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
texlive-bin	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored

CVE-2022-25315

Medium priority

Some fixes available 23 of 97

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

cadaver, apache2, apr-util, ayttm, cableswig...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Ignored
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
vnc4	Not in release	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-25314

Medium priority

Some fixes available 21 of 95

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

thunderbird, ayttm, cableswig, cadaver, apache2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Ignored
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
expat	Fixed	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored

CVE-2022-25313

Medium priority

Some fixes available 23 of 97

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

ayttm, apache2, apr-util, cmake, cadaver...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Not affected	Ignored
expat	Fixed	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-25236

High priority

Some fixes available 30 of 112

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed	Fixed
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not in release	Not affected	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
vnc4	Not in release	Not in release	Not in release	Not in release	Ignored
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
coin3	Not affected	Not affected	Not affected	Not affected	Ignored
firefox	Fixed	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not in release	Not affected
thunderbird	Ignored	Ignored	Ignored	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: