Search CVE reports
1 – 10 of 498 results
(libexpat before 2.7.6 uses insufficient entropy, and thus hash floodin ...)
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | — | Not affected | Not affected | Not affected | Not affected |
| apr-util | — | Not affected | Not affected | Not affected | Not affected |
| cmake | — | Not affected | Not affected | Not affected | Not affected |
| ghostscript | — | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | — | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | — | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | — | Not in release | Not in release | — | — |
| cableswig | — | Not in release | Not in release | — | — |
| coin3 | — | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | — | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | — | Not in release | Not in release | — | — |
| smart | — | Not in release | Not in release | — | Needs evaluation |
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
| libxmltok | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out...
7 affected packages
openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | — | Not affected | Not affected | Not affected | Needs evaluation |
| openjpeg | — | Not in release | Not in release | — | — |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of...
6 affected packages
libvncserver, vino, x11vnc, veyon, italc, tightvnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libvncserver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vino | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| x11vnc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| veyon | — | Needs evaluation | Needs evaluation | Needs evaluation | — |
| italc | — | Not in release | Not in release | — | Needs evaluation |
| tightvnc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application...
6 affected packages
veyon, libvncserver, vino, x11vnc, italc, tightvnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| veyon | — | Needs evaluation | Needs evaluation | Needs evaluation | — |
| libvncserver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vino | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| x11vnc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| italc | — | Not in release | Not in release | — | Needs evaluation |
| tightvnc | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules). This issue affects ITK: before 2.7.1.
23 affected packages
smart, expat, apache2, apr-util, cmake...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| smart | — | Not in release | Not in release | — | Needs evaluation |
| expat | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | — | Not affected | Not affected | Not affected | Not affected |
| apr-util | — | Not affected | Not affected | Not affected | Not affected |
| cmake | — | Not affected | Not affected | Not affected | Not affected |
| ghostscript | — | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | — | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | — | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | — | Not in release | Not in release | — | — |
| cableswig | — | Not in release | Not in release | — | — |
| coin3 | — | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | — | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | — | Not in release | Not in release | — | — |
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
| libxmltok | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or...
1 affected package
nghttp2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nghttp2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.
23 affected packages
expat, coin3, apache2, apr-util, cmake...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| coin3 | — | Not affected | Not affected | Not affected | Needs evaluation |
| apache2 | — | Not affected | Not affected | Not affected | Not affected |
| apr-util | — | Not affected | Not affected | Not affected | Not affected |
| cmake | — | Not affected | Not affected | Not affected | Not affected |
| ghostscript | — | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | — | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | — | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | — | Not in release | Not in release | — | — |
| cableswig | — | Not in release | Not in release | — | — |
| matanza | — | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | — | Not in release | Not in release | — | — |
| smart | — | Not in release | Not in release | — | Needs evaluation |
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
| libxmltok | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | — | Not affected | Not affected | Not affected | Not affected |
| apr-util | — | Not affected | Not affected | Not affected | Not affected |
| cmake | — | Not affected | Not affected | Not affected | Not affected |
| ghostscript | — | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | — | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | — | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | — | Not in release | Not in release | — | — |
| cableswig | — | Not in release | Not in release | — | — |
| coin3 | — | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | — | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | — | Not in release | Not in release | — | — |
| smart | — | Not in release | Not in release | — | Needs evaluation |
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
| libxmltok | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | — | Not affected | Not affected | Not affected | Not affected |
| apr-util | — | Not affected | Not affected | Not affected | Not affected |
| cmake | — | Not affected | Not affected | Not affected | Not affected |
| ghostscript | — | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | — | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | — | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | — | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | — | Not in release | Not in release | — | — |
| cableswig | — | Not in release | Not in release | — | — |
| coin3 | — | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | — | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | — | Not in release | Not in release | — | — |
| smart | — | Not in release | Not in release | — | Needs evaluation |
| firefox | — | Not affected | Not affected | — | — |
| thunderbird | — | Not affected | Not affected | — | — |
| libxmltok | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an...
1 affected package
ghostty
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostty | — | Not in release | Not in release | — | — |