Search CVE reports

361 – 370 of 465 results

Detailed view

Sort by:

CVE-2010-0383

Medium priority

Ignored

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.

1 affected package

tor

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tor	—	—	—	—

CVE-2009-3560

Medium priority

Some fixes available 81 of 503

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed...

41 affected packages

vtk, apache2, python-xml, paraview, poco...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vtk	Not in release	Not in release	Not in release	Not in release
apache2	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
libxmltok	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Vulnerable
apr-util	Not affected	Not affected	Not affected	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not affected
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release

CVE-2009-4193

Medium priority

Ignored

Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.

1 affected package

merkaartor

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
merkaartor	—	—	—	—

CVE-2009-3720

Low priority

Some fixes available 81 of 535

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML...

41 affected packages

apache2, apr-util, expat, cmake, celementtree...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
cmake	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not affected
poco	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
libxmltok	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
tla	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
gdcm	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
python-xml	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected

CVE-2009-3609

Medium priority

Some fixes available 39 of 108

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service...

11 affected packages

koffice, gpdf, ipe, pdfkit.framework, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
koffice	Not in release	Not in release	Not in release	Not in release
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
libextractor	Not affected	Not affected	Not affected	Not affected
kdegraphics	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
poppler	Fixed	Fixed	Fixed	Fixed
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected

CVE-2009-3608

Medium priority

Some fixes available 39 of 108

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute...

11 affected packages

koffice, gpdf, ipe, libextractor, xpdf...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
koffice	Not in release	Not in release	Not in release	Not in release
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libextractor	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected
kdegraphics	Not in release	Not in release	Not in release	Not in release
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
poppler	Fixed	Fixed	Fixed	Fixed
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected

CVE-2009-3606

Medium priority

Some fixes available 7 of 76

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a...

11 affected packages

gpdf, ipe, kdegraphics, koffice, poppler...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
kdegraphics	Not in release	Not in release	Not in release	Not in release
koffice	Not in release	Not in release	Not in release	Not in release
poppler	Not affected	Not affected	Not affected	Not affected
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
libextractor	Not affected	Not affected	Not affected	Not affected
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
xpdf	Not affected	Not affected	Not in release	Not affected

CVE-2009-3604

Medium priority

Some fixes available 38 of 105

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service...

11 affected packages

gpdf, ipe, libextractor, kdegraphics, koffice...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libextractor	Not affected	Not affected	Not affected	Not affected
kdegraphics	Not in release	Not in release	Not in release	Not in release
koffice	Not in release	Not in release	Not in release	Not in release
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
poppler	Fixed	Fixed	Fixed	Fixed
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected

CVE-2009-3603

Medium priority

Some fixes available 38 of 105

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer...

11 affected packages

kdegraphics, gpdf, ipe, xpdf, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
kdegraphics	Not in release	Not in release	Not in release	Not in release
gpdf	Not in release	Not in release	Not in release	Not in release
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xpdf	Not affected	Not affected	Not in release	Not affected
libextractor	Not affected	Not affected	Not affected	Not affected
koffice	Not in release	Not in release	Not in release	Not in release
pdfkit.framework	Not in release	Not in release	Not in release	Not in release
pdftohtml	Not in release	Not in release	Not in release	Not in release
poppler	Fixed	Fixed	Fixed	Fixed
tetex-bin	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected

CVE-2009-3042

Medium priority

Ignored

SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.

1 affected package

ocsinventory-server

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ocsinventory-server	—	—	—	Not affected

Export to JSON

Results by page: