Search CVE reports
Some fixes available 4 of 5
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
1 affected package
libapache2-mod-fcgid
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libapache2-mod-fcgid | — | — | — | — | — |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
40 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tdom | — | — | — | — | — |
| apache2 | — | — | — | — | — |
| apr-util | — | — | — | — | — |
| audacity | — | — | — | — | — |
| ayttm | — | — | — | — | — |
| cableswig | — | — | — | — | — |
| cadaver | — | — | — | — | — |
| celementtree | — | — | — | — | — |
| cmake | — | — | — | — | — |
| coin3 | — | — | — | — | — |
| expat | — | — | — | — | — |
| gdcm | — | — | — | — | — |
| ghostscript | — | — | — | — | — |
| grmonitor | — | — | — | — | — |
| insighttoolkit | — | — | — | — | — |
| kompozer | — | — | — | — | — |
| libparagui1.1 | — | — | — | — | — |
| matanza | — | — | — | — | — |
| paraview | — | — | — | — | — |
| poco | — | — | — | — | — |
| python-xml | — | — | — | — | — |
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| simgear | — | — | — | — | — |
| sitecopy | — | — | — | — | — |
| smart | — | — | — | — | — |
| swish-e | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| tla | — | — | — | — | — |
| vnc4 | — | — | — | — | — |
| vtk | — | — | — | — | — |
| w3c-libwww | — | — | — | — | — |
| wbxml2 | — | — | — | — | — |
| wxwidgets2.6 | — | — | — | — | — |
| wxwidgets2.8 | — | — | — | — | — |
| wxwindows2.4 | — | — | — | — | — |
| xmlrpc-c | — | — | — | — | — |
| xotcl | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
Some fixes available 5 of 110
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
32 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| paraview | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| matanza | Not affected | Not affected | Not affected | Not affected | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Needs evaluation | Not in release | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Not affected | Not affected | Not affected | Not affected | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| tla | Not in release | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |