Search CVE reports
121 – 130 of 33763 results
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is...
1 affected package
hdf5
| Package | 24.04 LTS |
|---|---|
| hdf5 | Needs evaluation |
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under...
2 affected packages
incus, lxd
| Package | 24.04 LTS |
|---|---|
| incus | Needs evaluation |
| lxd | Not in release |
Not in release
Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient...
1 affected package
check-mk
| Package | 24.04 LTS |
|---|---|
| check-mk | Not in release |
Not in release
Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.
1 affected package
check-mk
| Package | 24.04 LTS |
|---|---|
| check-mk | Not in release |