Search CVE reports
211 – 220 of 306 results
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
Some fixes available 37 of 392
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...
41 affected packages
coin3, audacity, matanza, cableswig, cadaver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| coin3 | Not affected | Not affected | Not affected | Vulnerable |
| audacity | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| paraview | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Not in release | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not affected |
| swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| tdom | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| tla | Not affected | Not affected | Not affected | Not affected |
| wbxml2 | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
| expat | Not affected | Not affected | Not affected | Not affected |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| celementtree | Not in release | Not in release | Not in release | Not in release |
| cmake | Not affected | Not affected | Not affected | Not affected |
| python2.6 | Not in release | Not in release | Not in release | Not in release |
| python2.5 | Not in release | Not in release | Not in release | Not in release |
| python2.4 | Not in release | Not in release | Not in release | Not in release |
| python-xml | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Fixed | Fixed | Fixed | Fixed |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
| vnc4 | Not in release | Not in release | Not in release | Ignored |
| xotcl | Not affected | Not affected | Not affected | Not affected |
| w3c-libwww | Not in release | Not in release | Not in release | Not in release |
| poco | Not affected | Not affected | Not affected | Not affected |
| xulrunner | Not in release | Not in release | Not in release | Not in release |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| wxwindows2.4 | Not in release | Not in release | Not in release | Not in release |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| grmonitor | Not in release | Not in release | Not in release | Not in release |
| vtk | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
1 affected package
libapache2-mod-nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libapache2-mod-nss | Not in release | Not in release | Not in release | Vulnerable |
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |