Search CVE reports
181 – 190 of 294 results
CVE-2013-0340
Medium priorityexpat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
| apr-util | — | — | — | — | — |
| audacity | — | — | — | — | — |
| ayttm | — | — | — | — | — |
| cableswig | — | — | — | — | — |
| cadaver | — | — | — | — | — |
| celementtree | — | — | — | — | — |
| cmake | — | — | — | — | — |
| coin3 | — | — | — | — | — |
| expat | — | — | — | — | — |
| gdcm | — | — | — | — | — |
| ghostscript | — | — | — | — | — |
| grmonitor | — | — | — | — | — |
| insighttoolkit | — | — | — | — | — |
| kompozer | — | — | — | — | — |
| libparagui1.1 | — | — | — | — | — |
| matanza | — | — | — | — | — |
| paraview | — | — | — | — | — |
| poco | — | — | — | — | — |
| python-xml | — | — | — | — | — |
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| simgear | — | — | — | — | — |
| sitecopy | — | — | — | — | — |
| smart | — | — | — | — | — |
| swish-e | — | — | — | — | — |
| tdom | — | — | — | — | — |
| texlive-bin | — | — | — | — | — |
| tla | — | — | — | — | — |
| vnc4 | — | — | — | — | — |
| vtk | — | — | — | — | — |
| w3c-libwww | — | — | — | — | — |
| wbxml2 | — | — | — | — | — |
| wxwidgets2.6 | — | — | — | — | — |
| wxwidgets2.8 | — | — | — | — | — |
| wxwindows2.4 | — | — | — | — | — |
| xmlrpc-c | — | — | — | — | — |
| xotcl | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
CVE-2013-4566
Medium prioritymod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
1 affected packages
libapache2-mod-nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libapache2-mod-nss | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2013-6111
Low priorityCross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
CVE-2013-4365
Medium prioritySome fixes available 4 of 5
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
1 affected packages
libapache2-mod-fcgid
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libapache2-mod-fcgid | — | — | — | — | — |
CVE-2013-2249
Medium prioritymod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
CVE-2013-1896
Medium prioritymod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
CVE-2013-1862
Low prioritymod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
CVE-2013-1048
Medium priorityThe Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
CVE-2012-4558
Medium priorityMultiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
CVE-2012-3499
Medium priorityMultiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in...
1 affected packages
apache2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |