Search CVE reports
171 – 180 of 306 results
Some fixes available 3 of 4
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
Some fixes available 41 of 248
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...
33 affected packages
coin3, xmlrpc-c, libxmltok, matanza, ayttm...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
ayttm | Not in release | Not in release | Not in release | Not in release |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
simgear | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xotcl | Not affected | Not affected | Not affected | Not affected |
chromium-browser | Fixed | Fixed | Fixed | Fixed |
oxide-qt | Not in release | Not in release | Not in release | Not in release |
expat | Not affected | Not affected | Not affected | Not affected |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
vnc4 | Not in release | Not in release | Not in release | Vulnerable |
poco | Not affected | Not affected | Not affected | Not affected |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
gdcm | Not affected | Not affected | Not affected | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release |
audacity | Not affected | Not affected | Not affected | Not affected |
vtk | Not in release | Not in release | Not in release | Not in release |
smart | Not in release | Not in release | Not in release | Not affected |
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
1 affected package
libapache2-mod-auth-mellon
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-mellon | — | — | — | Not affected |
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving...
1 affected package
libapache2-mod-auth-mellon
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-mellon | — | — | — | Not affected |
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |