Search CVE reports


Toggle filters

171 – 180 of 306 results


CVE-2015-3183

Medium priority

Some fixes available 3 of 4

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2015-1283

Medium priority

Some fixes available 41 of 248

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

coin3, xmlrpc-c, libxmltok, matanza, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
libxmltok Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
ayttm Not in release Not in release Not in release Not in release
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
simgear Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.8 Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
chromium-browser Fixed Fixed Fixed Fixed
oxide-qt Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
vnc4 Not in release Not in release Not in release Vulnerable
poco Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
kompozer Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
gdcm Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
smart Not in release Not in release Not in release Not affected
Show all 33 packages Show less packages

CVE-2015-0253

Medium priority
Not affected

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2015-0228

Low priority
Fixed

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2014-8567

Medium priority
Ignored

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

1 affected package

libapache2-mod-auth-mellon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-mellon Not affected
Show less packages

CVE-2014-8566

Medium priority
Ignored

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving...

1 affected package

libapache2-mod-auth-mellon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-mellon Not affected
Show less packages

CVE-2014-8109

Low priority
Fixed

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2014-3583

Low priority
Fixed

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2014-3581

Low priority
Fixed

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2014-3523

Medium priority
Not affected

Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages