Search CVE reports
121 – 130 of 498 results
Some fixes available 2 of 4
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a...
1 affected package
lighttpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lighttpd | — | — | Fixed | Fixed | Not affected |
Some fixes available 39 of 288
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apr-util, audacity, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coda | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| emboss | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| harp | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | — |
| ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| mame | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| opencollada | Not in release | Needs evaluation | Needs evaluation | Ignored | Ignored |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| poco | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Not in release | Not affected | Not affected |
| python3.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| sitecopy | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| tla | Not in release | Needs evaluation | Needs evaluation | Ignored | Ignored |
| visp | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc | — | — | — | — | — |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xsd | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| astropy | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
3 affected packages
hdf5, insighttoolkit5, paraview
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hdf5 | Not affected | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
3 affected packages
hdf5, insighttoolkit5, paraview
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
3 affected packages
insighttoolkit5, paraview, hdf5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| hdf5 | Not affected | Needs evaluation | Needs evaluation | Ignored | Ignored |
HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
3 affected packages
hdf5, insighttoolkit5, paraview
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hdf5 | Not affected | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 26 of 100
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
24 affected packages
vnc4, apache2, apr-util, ayttm, cableswig...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Fixed | Fixed |
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Fixed | Fixed |
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
1 affected package
tightvnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tightvnc | Not affected | Not affected | Not affected | Not affected | Not affected |