Search CVE reports
31 – 40 of 358 results
Some fixes available 4 of 8
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 8
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 8
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Fixed | Fixed |
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Not affected | Not affected |
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Fixed | Fixed |
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Fixed | Fixed | Fixed | Fixed |
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Fixed | Not affected | Not affected | Not affected | Not affected |
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | Not in release | — | — |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | — | — |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| smart | Not in release | Not in release | Not in release | — | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | — | — |
| vnc4 | Not in release | Not in release | Not in release | — | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | — | — |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |