Search CVE reports
31 – 40 of 41 results
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
5 affected packages
navit, mapcache, netcdf-parallel, netcdf, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
5 affected packages
mapcache, scilab, netcdf, navit, netcdf-parallel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
4 affected packages
mapcache, netcdf, scilab, netcdf-parallel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
5 affected packages
mapcache, scilab, navit, netcdf, netcdf-parallel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After...
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
4 affected packages
mapcache, netcdf-parallel, netcdf, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a...
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Not affected | Not affected | Not affected | Vulnerable |
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Vulnerable | Vulnerable | Vulnerable | Vulnerable |