Search CVE reports

Toggle filters

1 – 10 of 294 results

CVE-2024-50602

Medium priority
Needs evaluation

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45492

Medium priority

Some fixes available 6 of 61

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not affected Not affected Not affected Not affected
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45491

Medium priority

Some fixes available 12 of 67

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-45490

Medium priority

Some fixes available 12 of 67

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2024-40898

Medium priority
Not affected

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-40725

Medium priority

Some fixes available 4 of 7

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39884

Medium priority

Some fixes available 5 of 8

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39573

Medium priority

Some fixes available 5 of 8

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60,...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-38477

Medium priority

Some fixes available 7 of 8

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-38476

Medium priority

Some fixes available 7 of 8

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Fixed
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON