Search CVE reports

191 – 200 of 306 results

Detailed view

Sort by:

CVE-2013-4352

Medium priority

Not affected

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—

CVE-2013-2249

Medium priority

Not affected

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—

CVE-2013-1896

Medium priority

Fixed

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—

CVE-2013-1889

Medium priority

Ignored

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.

1 affected package

libapache2-mod-ruid2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libapache2-mod-ruid2	—	—	—	—

CVE-2013-1862

Low priority

Fixed

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—

CVE-2013-1048

Medium priority

Fixed

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—

CVE-2013-0341

Medium priority

Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

40 affected packages

tdom, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tdom	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2013-0340

Medium priority

Ignored

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
tdom	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2012-6702

Medium priority

Some fixes available 5 of 104

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

xmlrpc-c, audacity, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
matanza	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
vnc4	Not in release	Not in release	Not in release	Ignored
xotcl	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
gdcm	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected

CVE-2012-4929

Medium priority

Some fixes available 21 of 34

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle...

6 affected packages

apache2, chromium-browser, nss, openssl, openssl098, qt4-x11

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—
chromium-browser	—	—	—	—
nss	—	—	—	—
openssl	—	—	—	—
openssl098	—	—	—	—
qt4-x11	—	—	—	—

Export to JSON

Results by page: