Search CVE reports


Toggle filters

1 – 10 of 297 results


CVE-2025-3891

Medium priority
Needs evaluation

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled....

1 affected package

libapache2-mod-auth-openidc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-openidc Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-31492

Medium priority

Some fixes available 4 of 6

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results...

1 affected package

libapache2-mod-auth-openidc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-openidc Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2024-8176

Medium priority

Some fixes available 4 of 76

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to...

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Ignored Ignored
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Ignored Ignored Ignored Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-50602

Medium priority

Some fixes available 7 of 68

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45492

Medium priority

Some fixes available 6 of 67

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45491

Medium priority

Some fixes available 13 of 74

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45490

Medium priority

Some fixes available 13 of 74

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-40898

Medium priority
Not affected

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-40725

Medium priority

Some fixes available 5 of 8

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. “AddType” and similar configuration, under some circumstances where files are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39884

Medium priority

Some fixes available 6 of 9

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   “AddType” and similar configuration, under some circumstances where files are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages