Search CVE reports

11 – 20 of 358 results

Detailed view

Sort by:

CVE-2026-56132

Medium priority

Needs evaluation

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
expat	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	—	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gdcm	Not affected	Not affected	Not affected	Not affected	Needs evaluation
ayttm	Not in release	Not in release	Not in release	—	—
cableswig	Not in release	Not in release	Not in release	—	—
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	—
smart	Not in release	Not in release	Not in release	—	Needs evaluation
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—
libxmltok	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-56131

Medium priority

Needs evaluation

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
expat	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	—	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gdcm	Not affected	Not affected	Not affected	Not affected	Needs evaluation
ayttm	Not in release	Not in release	Not in release	—	—
cableswig	Not in release	Not in release	Not in release	—	—
coin3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	—	—
smart	Not in release	Not in release	Not in release	—	Needs evaluation
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—
libxmltok	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-48913

Medium priority

Needs evaluation

Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-44631

Medium priority

Needs evaluation

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-44186

Medium priority

Needs evaluation

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-44185

Medium priority

Needs evaluation

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-44119

Medium priority

Needs evaluation

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-43951

Medium priority

Needs evaluation

Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-42536

Medium priority

Needs evaluation

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-42535

Medium priority

Needs evaluation

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to...

1 affected package

apache2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page: