Search CVE reports
1 – 10 of 297 results
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled....
1 affected package
libapache2-mod-auth-openidc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-openidc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 6
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results...
1 affected package
libapache2-mod-auth-openidc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-openidc | Fixed | Fixed | Vulnerable | Vulnerable |
Some fixes available 4 of 76
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to...
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Ignored | Ignored |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Ignored | Ignored | Ignored | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 7 of 68
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 6 of 67
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 13 of 74
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 13 of 74
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 8
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. “AddType” and similar configuration, under some circumstances where files are...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Fixed | Fixed | Fixed | Needs evaluation |
Some fixes available 6 of 9
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. “AddType” and similar configuration, under some circumstances where files are...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Fixed | Fixed | Fixed | Needs evaluation |