Search CVE reports
131 – 140 of 306 results
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Fixed |
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Fixed |
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Fixed |
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Fixed |
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Fixed |
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | Fixed |
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
Some fixes available 3 of 4
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest....
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
Some fixes available 7 of 99
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
33 affected packages
apache2, apr-util, cmake, expat, ghostscript...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
expat | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
poco | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
audacity | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
firefox | Not affected | Not affected | Not in release | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not in release | Not affected |
vtk | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Not affected | Not affected | Not affected | Not affected |