Search CVE reports
11 – 20 of 95 results
Some fixes available 2 of 81
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | Not affected | Fixed | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — |
| smart | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not in release | — |
| libxmltok | Ignored | Ignored | Ignored | Ignored |
Some fixes available 3 of 53
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
23 affected packages
tdom, vtk, expat, apache2, apr-util...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| expat | Fixed | Not affected | Not affected | Not affected |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not affected |
| wbxml2 | Needs evaluation | Not affected | Not affected | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Not affected | Not affected | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 81
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | Fixed | Fixed | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Not affected | Not affected | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| libxmltok | Ignored | Ignored | Ignored | Ignored |
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect...
1 affected package
apr
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apr | Fixed | Fixed | Fixed | Fixed |
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as...
1 affected package
haproxy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Fixed | Fixed | Fixed |
Some fixes available 29 of 42
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |
| h2o | Not affected | Not affected | Not affected | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section...
1 affected package
haproxy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | — | Fixed | Fixed | Not affected |
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a...
1 affected package
haproxy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | — | Not affected | Not affected | Not affected |
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which...
1 affected package
haproxy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Fixed | Fixed | Fixed | Fixed |
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when...
1 affected package
haproxy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | — | Fixed | Not affected | Not affected |