Search CVE reports
211 – 220 of 315 results
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
Some fixes available 5 of 107
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
32 affected packages
ayttm, apache2, cmake, ghostscript, paraview...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ayttm | Not in release | Not in release | Not in release | Not in release |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| paraview | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| cadaver | Not affected | Not affected | Not affected | Not affected |
| expat | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| matanza | Not affected | Not affected | Not affected | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Not in release | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not affected |
| swish-e | Not affected | Not affected | Not affected | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| tla | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
| xotcl | Not affected | Not affected | Not affected | Not affected |
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
Some fixes available 21 of 34
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle...
6 affected packages
apache2, chromium-browser, nss, openssl, openssl098, qt4-x11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
| chromium-browser | — | — | — | — |
| nss | — | — | — | — |
| openssl | — | — | — | — |
| openssl098 | — | — | — | — |
| qt4-x11 | — | — | — | — |
The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
1 affected package
libapache2-mod-rpaf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libapache2-mod-rpaf | — | — | — | — |
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
Some fixes available 5 of 6
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow...
1 affected package
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
1 affected package
libapache2-mod-auth-openid
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libapache2-mod-auth-openid | — | — | — | — |
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
40 affected packages
expat, apr-util, audacity, ayttm, cableswig...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | — | — | — | Not affected |
| apr-util | — | — | — | Ignored |
| audacity | — | — | — | Not affected |
| ayttm | — | — | — | Not in release |
| cableswig | — | — | — | Not in release |
| cadaver | — | — | — | Not affected |
| coin3 | — | — | — | Not affected |
| gdcm | — | — | — | Not affected |
| insighttoolkit | — | — | — | Not in release |
| matanza | — | — | — | Not affected |
| paraview | — | — | — | Not affected |
| poco | — | — | — | Not affected |
| simgear | — | — | — | Not affected |
| sitecopy | — | — | — | Not affected |
| swish-e | — | — | — | Not affected |
| tdom | — | — | — | Not affected |
| texlive-bin | — | — | — | Ignored |
| tla | — | — | — | Not affected |
| vnc4 | — | — | — | Ignored |
| vtk | — | — | — | Not in release |
| wbxml2 | — | — | — | Not affected |
| wxwidgets2.8 | — | — | — | Not in release |
| apache2 | — | — | — | Ignored |
| celementtree | — | — | — | Not in release |
| cmake | — | — | — | Ignored |
| ghostscript | — | — | — | Ignored |
| grmonitor | — | — | — | Not in release |
| kompozer | — | — | — | Not in release |
| libparagui1.1 | — | — | — | Not in release |
| python-xml | — | — | — | Not in release |
| python2.4 | — | — | — | Not in release |
| python2.5 | — | — | — | Not in release |
| python2.6 | — | — | — | Not in release |
| smart | — | — | — | Ignored |
| w3c-libwww | — | — | — | Not in release |
| wxwidgets2.6 | — | — | — | Not in release |
| wxwindows2.4 | — | — | — | Not in release |
| xmlrpc-c | — | — | — | Ignored |
| xotcl | — | — | — | Not affected |
| xulrunner | — | — | — | Not in release |