Search CVE reports
271 – 280 of 334 results
Some fixes available 85 of 543
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML...
41 affected packages
apache2, apr-util, expat, cmake, celementtree...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
| paraview | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tla | Not in release | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| sitecopy | Needs evaluation | Not in release | Not affected | Not affected | Not affected |
| wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
| tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
| python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
| xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly...
3 affected packages
apache2, apr, apr-util
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
| apr | — | — | — | — | — |
| apr-util | — | — | — | — | — |
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
2 affected packages
apache2, apr-util
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
| apr-util | — | — | — | — | — |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service...
2 affected packages
apache2, apr-util
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
| apr-util | — | — | — | — | — |
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the...
2 affected packages
apache2, apr-util
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
| apr-util | — | — | — | — | — |
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options...
1 affected package
apache2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |