Search CVE reports
1 – 10 of 297 results
CVE-2025-3891
Medium priorityA flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled....
1 affected package
libapache2-mod-auth-openidc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-openidc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2025-31492
Medium prioritySome fixes available 4 of 6
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results...
1 affected package
libapache2-mod-auth-openidc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libapache2-mod-auth-openidc | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2024-8176
Medium prioritySome fixes available 4 of 76
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to...
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Ignored | Ignored |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Ignored | Ignored | Ignored | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-50602
Medium prioritySome fixes available 7 of 68
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45492
Medium prioritySome fixes available 6 of 67
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45491
Medium prioritySome fixes available 13 of 74
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45490
Medium prioritySome fixes available 13 of 74
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — |
cableswig | Not in release | Not in release | Not in release | — |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-40898
Medium prioritySSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
CVE-2024-40725
Medium prioritySome fixes available 5 of 8
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. “AddType” and similar configuration, under some circumstances where files are...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2024-39884
Medium prioritySome fixes available 6 of 9
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. “AddType” and similar configuration, under some circumstances where files are...
1 affected package
apache2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Fixed | Fixed | Fixed | Needs evaluation |