Search CVE reports
11 – 20 of 124 results
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 7
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is...
1 affected package
haproxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| haproxy | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 7
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535...
1 affected package
haproxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| haproxy | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can...
1 affected package
haproxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| haproxy | Fixed | Fixed | Not affected | Not affected | Not affected |
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |