Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

101 – 110 of 294 results

CVE-2019-10098

Low priority

Some fixes available 14 of 15

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-10097

Medium priority
Fixed

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer...

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected
Show less packages

CVE-2019-10092

Low priority

Some fixes available 3 of 4

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their...

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-10082

Low priority
Fixed

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Fixed Not affected
Show less packages

CVE-2019-9517

Medium priority

Some fixes available 2 of 3

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the...

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Fixed Not affected
Show less packages

CVE-2019-1010247

Medium priority
Vulnerable

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is:...

1 affected packages

libapache2-mod-auth-openidc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache2-mod-auth-openidc Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-13038

Medium priority

Some fixes available 12 of 15

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

1 affected packages

libapache2-mod-auth-mellon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapache2-mod-auth-mellon Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2018-20843

Low priority

Some fixes available 22 of 116

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
audacity Needs evaluation Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable Vulnerable
expat Fixed Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Vulnerable
kompozer Not in release Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release Not in release
libxmltok Vulnerable Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
poco Not affected Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Vulnerable Vulnerable
vtk Not in release Not in release Not in release Not in release Fixed
wbxml2 Not affected Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release Not in release
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 32 packages Show less packages

CVE-2019-0197

Low priority

Some fixes available 2 of 3

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request...

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Fixed Not affected
Show less packages

CVE-2019-0215

Medium priority
Not affected

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

1 affected packages

apache2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected
Show less packages
  1. Previous page
  2. 9
  3. 10
  4. 11
  5. 12
  6. 13
  7. Next page
Export to JSON