Search CVE reports
Some fixes available 3 of 9
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Fixed |
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in...
4 affected packages
tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Vulnerable | Vulnerable |
Some fixes available 2 of 4
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat9 | Not affected | Not affected | Fixed | Fixed |
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can...
1 affected package
kpmcore
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kpmcore | Not affected | Not affected | Needs evaluation | Needs evaluation |
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was...
2 affected packages
tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat8 | — | — | Not in release | Not affected |
| tomcat9 | — | — | Not affected | Not affected |
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software...
8 affected packages
darktable, dcraw, exactimage, kodi, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| darktable | — | — | Not affected | Not affected |
| dcraw | — | — | Not affected | Not affected |
| exactimage | — | — | Not affected | Not affected |
| kodi | — | — | Not affected | Not affected |
| libraw | — | — | Not affected | Not affected |
| rawtherapee | — | — | Not affected | Not affected |
| ufraw | — | — | Not in release | Not affected |
| xbmc | — | — | Not in release | Not in release |
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
8 affected packages
libraw, ufraw, darktable, xbmc, dcraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libraw | — | — | Not affected | Not affected |
| ufraw | — | — | Not in release | Not affected |
| darktable | — | — | Not affected | Not affected |
| xbmc | — | — | Not in release | Not in release |
| dcraw | — | — | Not affected | Not affected |
| exactimage | — | — | Not affected | Not affected |
| kodi | — | — | Not affected | Not affected |
| rawtherapee | — | — | Not affected | Not affected |
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
1 affected package
tinymce
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tinymce | Not in release | Not in release | Needs evaluation | Needs evaluation |
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
1 affected package
tinymce
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tinymce | Not in release | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 2 of 8
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop....
4 affected packages
tomcat9, tomcat6, tomcat7, tomcat8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat9 | Not affected | Not affected | Fixed | Vulnerable |
| tomcat6 | Not in release | Not in release | Not in release | Not in release |
| tomcat7 | Not in release | Not in release | Not in release | Vulnerable |
| tomcat8 | Not in release | Not in release | Not in release | Vulnerable |