Search CVE reports

51 – 60 of 306 results

Detailed view

Sort by:

CVE-2022-28330

Medium priority

Not affected

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	Not affected	Not affected	Not affected

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	Not affected	Not affected	Not affected

CVE-2022-26377

Medium priority

Fixed

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects...

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	Fixed	Fixed	Fixed

CVE-2022-25315

Medium priority

Some fixes available 19 of 109

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

ayttm, cadaver, apache2, apr-util, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Not in release	Ignored
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release

CVE-2022-25314

Medium priority

Some fixes available 17 of 107

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

thunderbird, ayttm, cableswig, cadaver, apache2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Ignored	Ignored	Not in release	Ignored
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
firefox	Fixed	Fixed	Not in release	Ignored
expat	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-25313

Medium priority

Some fixes available 19 of 109

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

ayttm, apache2, apr-util, cmake, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Needs evaluation
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored
thunderbird	Ignored	Ignored	Not in release	Ignored
firefox	Fixed	Fixed	Not in release	Ignored
expat	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
libxmltok	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected

CVE-2022-25236

High priority

Some fixes available 26 of 120

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
expat	Fixed	Fixed	Fixed	Fixed
ghostscript	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored
libxmltok	Fixed	Fixed	Fixed	Fixed
vnc4	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
coin3	Not affected	Not affected	Not affected	Needs evaluation
firefox	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected
thunderbird	Ignored	Ignored	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release

CVE-2022-25235

High priority

Some fixes available 26 of 120

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

firefox, smart, vtk, thunderbird, apache2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Not in release	Ignored
smart	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
thunderbird	Ignored	Ignored	Not in release	Ignored
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libxmltok	Fixed	Fixed	Fixed	Fixed
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored
coin3	Not affected	Not affected	Not affected	Needs evaluation
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected

CVE-2022-23990

Medium priority

Some fixes available 19 of 86

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, insighttoolkit, swish-e, tdom...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
swish-e	Needs evaluation	Needs evaluation	Not affected	Not affected
tdom	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release
matanza	Ignored	Ignored	Ignored	Ignored
expat	Fixed	Fixed	Fixed	Fixed
wbxml2	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable
firefox	Fixed	Fixed	Not in release	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
libxmltok	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Not in release	Ignored
vnc4	Not in release	Not in release	Not in release	Not affected
xmlrpc-c	Needs evaluation	Needs evaluation	Not affected	Not affected

CVE-2022-23943

Medium priority

Fixed

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

1 affected package

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	Fixed	Fixed	Fixed

Export to JSON

Results by page: