Search CVE reports

251 – 260 of 346 results

Detailed view

Sort by:

CVE-2012-1147

Low priority

Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	Ignored
apr-util	—	—	—	—	Ignored
audacity	—	—	—	—	Not affected
ayttm	—	—	—	—	Not in release
cableswig	—	—	—	—	Not in release
cadaver	—	—	—	—	Not affected
celementtree	—	—	—	—	Not in release
cmake	—	—	—	—	Ignored
coin3	—	—	—	—	Not affected
expat	—	—	—	—	Not affected
gdcm	—	—	—	—	Not affected
ghostscript	—	—	—	—	Ignored
grmonitor	—	—	—	—	Not in release
insighttoolkit	—	—	—	—	Not in release
kompozer	—	—	—	—	Not in release
libparagui1.1	—	—	—	—	Not in release
matanza	—	—	—	—	Not affected
paraview	—	—	—	—	Not affected
poco	—	—	—	—	Not affected
python-xml	—	—	—	—	Not in release
python2.4	—	—	—	—	Not in release
python2.5	—	—	—	—	Not in release
python2.6	—	—	—	—	Not in release
simgear	—	—	—	—	Not affected
sitecopy	—	—	—	—	Not affected
smart	—	—	—	—	Ignored
swish-e	—	—	—	—	Not affected
tdom	—	—	—	—	Not affected
texlive-bin	—	—	—	—	Ignored
tla	—	—	—	—	Not affected
vnc4	—	—	—	—	Ignored
vtk	—	—	—	—	Not in release
w3c-libwww	—	—	—	—	Not in release
wbxml2	—	—	—	—	Not affected
wxwidgets2.6	—	—	—	—	Not in release
wxwidgets2.8	—	—	—	—	Not in release
wxwindows2.4	—	—	—	—	Not in release
xmlrpc-c	—	—	—	—	Ignored
xotcl	—	—	—	—	Not affected
xulrunner	—	—	—	—	Not in release

CVE-2012-1148

Low priority

Some fixes available 46 of 407

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
celementtree	Not in release	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not in release	Fixed	Fixed	Fixed	Fixed
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
paraview	Needs evaluation	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Needs evaluation	Not in release	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not in release	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
w3c-libwww	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2012-0876

Medium priority

Some fixes available 39 of 396

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release	Not in release
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
celementtree	Not in release	Not in release	Not in release	Not in release	Not in release
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
grmonitor	Not in release	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not in release	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored	Ignored
paraview	Needs evaluation	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
python-xml	Not in release	Not in release	Not in release	Not in release	Not in release
python2.4	Not in release	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release	Not in release
python2.6	Not in release	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Needs evaluation	Not in release	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not in release	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not in release	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not in release
w3c-libwww	Not in release	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2012-0216

Low priority

Ignored

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	—

CVE-2012-0883

Negligible priority

Not affected

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	—

CVE-2012-1181

Medium priority

Some fixes available 6 of 9

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service...

1 affected package

libapache2-mod-fcgid

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libapache2-mod-fcgid	—	—	—	—	—

CVE-2012-0053

Medium priority

Fixed

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	—

CVE-2012-0021

Medium priority

Fixed

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	—

CVE-2012-0031

Low priority

Fixed

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	—

CVE-2007-6750

Medium priority

Ignored

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—	—

Export to JSON

Results by page: