Search CVE reports
1 – 10 of 50579 results
(Observable Timing Discrepancy vulnerability when comparing AJP secret i ...)
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | Not affected |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
(Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...)
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | Vulnerable |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
1 affected package
exim4
| Package | 16.04 LTS |
|---|---|
| exim4 | Fixed |
A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when...
2 affected packages
libsoup2.4, libsoup3
| Package | 16.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | — |
[Unknown description]
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Needs evaluation |
A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs...
1 affected package
glib-networking
| Package | 16.04 LTS |
|---|---|
| glib-networking | Vulnerable |
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the...
1 affected package
neutron
| Package | 16.04 LTS |
|---|---|
| neutron | Needs evaluation |
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via...
1 affected package
keystone
| Package | 16.04 LTS |
|---|---|
| keystone | Needs evaluation |
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted...
1 affected package
keystone
| Package | 16.04 LTS |
|---|---|
| keystone | Needs evaluation |
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary...
1 affected package
keystone
| Package | 16.04 LTS |
|---|---|
| keystone | Needs evaluation |