Search CVE reports

41 – 50 of 450 results

Detailed view

Sort by:

CVE-2023-38560

Negligible priority

Ignored

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	Not affected	Ignored	Not affected	Not affected

CVE-2023-38559

Medium priority

Fixed

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	Fixed	Fixed	Fixed	Fixed

CVE-2023-26136

Medium priority

Needs evaluation

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the...

1 affected packages

node-tough-cookie

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
node-tough-cookie	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2023-36664

Medium priority

Fixed

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	Fixed	Fixed	Not affected	Not affected

CVE-2023-27830

Medium priority

Not affected

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the...

1 affected packages

tightvnc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tightvnc	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-28879

Medium priority

Fixed

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	Fixed	Fixed	Fixed	Fixed

CVE-2022-43680

Medium priority

Some fixes available 10 of 94

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	Not in release	Not in release	Not in release	Needs evaluation
cableswig	—	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Ignored	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
libxmltok	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	—	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Ignored	Ignored
vnc4	—	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	—	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-41556

Medium priority

Some fixes available 2 of 4

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in...

1 affected packages

lighttpd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lighttpd	Not affected	Fixed	Not affected	Not affected	Not affected

CVE-2022-40674

Medium priority

Some fixes available 12 of 114

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	Not in release	Not in release	Not in release	Needs evaluation
cableswig	—	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
gdcm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
libxmltok	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not affected
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	—	Not in release	Not in release	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Needs evaluation
thunderbird	Ignored	Ignored	Ignored	Ignored	Ignored
vnc4	—	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	—	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-37797

Medium priority

Vulnerable

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an...

1 affected packages

lighttpd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lighttpd	Not affected	Vulnerable	Vulnerable	Not affected	Not affected

Export to JSON

Results by page: