Search CVE reports

Toggle filters

11 – 20 of 307 results

CVE-2025-3891

Medium priority
Needs evaluation

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled....

1 affected package

libapache2-mod-auth-openidc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-openidc Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-31492

Medium priority

Some fixes available 4 of 6

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results...

1 affected package

libapache2-mod-auth-openidc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-openidc Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2024-8176

Medium priority

Some fixes available 4 of 76

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to...

23 affected packages

cadaver, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
libxmltok Needs evaluation Needs evaluation Needs evaluation Needs evaluation
expat Fixed Fixed Ignored Ignored
Show all 23 packages Show less packages

CVE-2024-50602

Medium priority

Some fixes available 7 of 68

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

smart, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
smart Not in release Not in release Not in release Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
libxmltok Not affected Not affected Not affected Not affected
Show all 23 packages Show less packages

CVE-2024-45492

Medium priority

Some fixes available 6 of 67

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

tdom, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
libxmltok Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed
Show all 23 packages Show less packages

CVE-2024-45491

Medium priority

Some fixes available 13 of 74

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, cmake, ghostscript, texlive-bin...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
libxmltok Fixed Fixed Fixed Fixed
expat Fixed Fixed Fixed Fixed
Show all 23 packages Show less packages

CVE-2024-45490

Medium priority

Some fixes available 13 of 74

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Fixed Fixed Fixed Fixed
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
libxmltok Fixed Fixed Fixed Fixed
Show all 23 packages Show less packages

CVE-2024-40898

Medium priority
Not affected

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-40725

Medium priority

Some fixes available 5 of 8

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39884

Medium priority

Some fixes available 6 of 9

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON