Search CVE reports

151 – 160 of 293 results

Detailed view

Sort by:

CVE-2016-0736

Medium priority

Fixed

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or...

1 affected packages

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	Fixed

CVE-2016-8740

Medium priority

Not affected

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory...

1 affected packages

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	Not affected

CVE-2016-4694

Medium priority

Not affected

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment...

1 affected packages

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	Not affected

CVE-2016-5387

Medium priority

Fixed

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote...

1 affected packages

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	Fixed

CVE-2016-4979

Medium priority

Not affected

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass...

1 affected packages

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	Not affected

CVE-2016-1546

Medium priority

Not affected

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of...

1 affected packages

apache2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	—	—	—	—	Not affected

CVE-2016-5300

Medium priority

Some fixes available 5 of 96

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Not affected	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2016-2146

Medium priority

Ignored

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption)...

1 affected packages

libapache2-mod-auth-mellon

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libapache2-mod-auth-mellon	—	—	—	Not affected	Not affected

CVE-2016-2145

Medium priority

Ignored

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash)...

1 affected packages

libapache2-mod-auth-mellon

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libapache2-mod-auth-mellon	—	—	—	Not affected	Not affected

CVE-2015-1283

Medium priority

Some fixes available 37 of 233

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
chromium-browser	Fixed	Fixed	Fixed	Fixed	Fixed
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
oxide-qt	Not in release	Not in release	Not in release	Not in release	Fixed
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Fixed
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page: