Search CVE reports
121 – 130 of 366 results
Some fixes available 1 of 8
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the...
3 affected packages
tomcat8, tomcat9, tomcat7
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 1 of 8
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
mcollective has a default password set at install
1 affected package
mcollective
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mcollective | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 3 of 5
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service...
1 affected package
libtomcrypt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libtomcrypt | — | — | Not affected | Not affected | Fixed |
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
1 affected package
memcached
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | — | — | — | — | Fixed |
Some fixes available 14 of 17
MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.
1 affected package
mcpp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mcpp | Fixed | Fixed | Fixed | Fixed | Vulnerable |
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste...
1 affected package
tinymce
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tinymce | Not in release | Not in release | Not in release | Ignored | Ignored |
Some fixes available 3 of 5
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection...
2 affected packages
tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat8 | — | — | — | — | Fixed |
| tomcat9 | — | — | — | — | Fixed |
Some fixes available 7 of 10
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command...
3 affected packages
tomcat7, tomcat8, tomcat9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | Not in release | Not in release | Not in release | Fixed |
| tomcat8 | — | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | — | Not affected | Not affected | Not affected | Fixed |
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
1 affected package
memcached
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | — | — | — | — | Fixed |