Search CVE reports

Toggle filters

221 – 230 of 318 results

CVE-2012-2687

Low priority

Some fixes available 5 of 6

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2012-2760

Low priority
Ignored

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

1 affected package

libapache2-mod-auth-openid

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-auth-openid
Show less packages

CVE-2012-1147

Low priority
Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

expat, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Not affected
apr-util Ignored
audacity Not affected
ayttm Not in release
cableswig Not in release
cadaver Not affected
coin3 Not affected
gdcm Not affected
insighttoolkit Not in release
matanza Not affected
paraview Not affected
poco Not affected
simgear Not affected
sitecopy Not affected
swish-e Not affected
tdom Not affected
texlive-bin Ignored
tla Not affected
vnc4 Ignored
vtk Not in release
wbxml2 Not affected
wxwidgets2.8 Not in release
apache2 Ignored
celementtree Not in release
cmake Ignored
ghostscript Ignored
grmonitor Not in release
kompozer Not in release
libparagui1.1 Not in release
python-xml Not in release
python2.4 Not in release
python2.5 Not in release
python2.6 Not in release
smart Ignored
w3c-libwww Not in release
wxwidgets2.6 Not in release
wxwindows2.4 Not in release
xmlrpc-c Ignored
xotcl Not affected
xulrunner Not in release
Show all 40 packages Show less packages

CVE-2012-1148

Low priority

Some fixes available 45 of 407

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

ayttm, poco, celementtree, python-xml, paraview...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ayttm Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
celementtree Not in release Not in release Not in release Not in release
python-xml Not in release Not in release Not in release Not in release
paraview Not affected Not affected Not affected Not affected
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
audacity Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
python2.4 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
w3c-libwww Not in release Not in release Not in release Not in release
wxwidgets2.6 Not in release Not in release Not in release Not in release
sitecopy Not in release Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored
libxmltok Fixed Fixed Fixed Fixed
xotcl Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable
gdcm Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
grmonitor Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
python2.6 Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release
xmlrpc-c Fixed Fixed Fixed Fixed
Show all 41 packages Show less packages

CVE-2012-0876

Medium priority

Some fixes available 38 of 396

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

cmake, paraview, python-xml, libparagui1.1, poco...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected
paraview Not affected Not affected Not affected Not affected
python-xml Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
poco Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
vnc4 Not in release Not in release Not in release Ignored
w3c-libwww Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
wbxml2 Not affected Not affected Not affected Not affected
wxwindows2.4 Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Vulnerable
gdcm Not affected Not affected Not affected Not affected
grmonitor Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
vtk Not in release Not in release Not in release Not in release
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
celementtree Not in release Not in release Not in release Not in release
ghostscript Not affected Not affected Not affected Not affected
python2.4 Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release
python2.6 Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release
xmlrpc-c Fixed Fixed Fixed Fixed
xulrunner Not in release Not in release Not in release Not in release
Show all 41 packages Show less packages

CVE-2012-0216

Low priority
Ignored

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2012-0883

Negligible priority
Not affected

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2012-1181

Medium priority

Some fixes available 6 of 9

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service...

1 affected package

libapache2-mod-fcgid

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libapache2-mod-fcgid
Show less packages

CVE-2012-0053

Medium priority
Fixed

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages

CVE-2012-0021

Medium priority
Fixed

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to...

1 affected package

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2
Show less packages
  1. Previous page
  2. 21
  3. 22
  4. 23
  5. 24
  6. 25
  7. Next page
Export to JSON