Search CVE reports
191 – 200 of 334 results
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
Some fixes available 5 of 102
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...
31 affected packages
apache2, apr-util, cmake, poco, sitecopy...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Needs evaluation | Not in release | Not affected | Not affected | Not affected |
| tla | Not in release | Not affected | Not affected | Not affected | Not affected |
| cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| matanza | Not affected | Not affected | Not affected | Not affected | Not affected |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Not affected | Not affected | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
| swish-e | Not affected | Not affected | Not affected | Not affected | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption)...
1 affected package
libapache2-mod-auth-mellon
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libapache2-mod-auth-mellon | — | — | — | — | Not affected |
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash)...
1 affected package
libapache2-mod-auth-mellon
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libapache2-mod-auth-mellon | — | — | — | — | Not affected |