Search CVE reports


Toggle filters

131 – 140 of 306 results


CVE-2018-1312

Low priority
Fixed

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed
Show less packages

CVE-2018-1303

Low priority
Fixed

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed
Show less packages

CVE-2018-1302

Low priority
Fixed

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed
Show less packages

CVE-2018-1301

Low priority
Fixed

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed
Show less packages

CVE-2018-1283

Low priority
Fixed

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed
Show less packages

CVE-2018-11763

Medium priority
Fixed

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed
Show less packages

CVE-2017-9798

Medium priority
Fixed

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2017-9789

Medium priority
Not affected

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2017-9788

Medium priority

Some fixes available 3 of 4

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest....

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2017-9233

Medium priority

Some fixes available 7 of 99

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
expat Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
texlive-bin Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Needs evaluation
cableswig Not in release Not in release Not in release Not in release
cadaver Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
firefox Not affected Not affected Not in release Not affected
simgear Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
tdom Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not in release Not affected
vtk Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
xmlrpc-c Not affected Not affected Not affected Not affected
Show all 33 packages Show less packages