Search CVE reports


151 – 160 of 366 results


CVE-2018-8020

Medium priority
Vulnerable

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates...

1 affected package

tomcat-native

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat-native | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2018-8019

Medium priority
Vulnerable

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore...

1 affected package

tomcat-native

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat-native | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2018-5816

Medium priority

Some fixes available 2 of 79

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via a specially crafted NOKIARAW file (Note: This...

8 affected packages

kodi, xbmc, darktable, dcraw, exactimage...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Fixed |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |

CVE-2018-5815

Medium priority

Some fixes available 2 of 79

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

8 affected packages

darktable, dcraw, libraw, ufraw, exactimage...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Fixed |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2018-5813

Medium priority

Some fixes available 3 of 80

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

8 affected packages

libraw, ufraw, xbmc, darktable, dcraw...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libraw | Not affected | Not affected | Not affected | Not affected | Fixed |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2017-2625

Low priority

Some fixes available 11 of 16

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to...

1 affected package

libxdmcp

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libxdmcp Fixed Fixed Fixed

CVE-2018-8034

Low priority

Some fixes available 3 of 4

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

3 affected packages

tomcat7, tomcat8, tomcat8.0

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Fixed |
| tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2018-1336

Medium priority
Fixed

An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30,...

3 affected packages

tomcat7, tomcat8, tomcat8.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not affected
tomcat8 Not in release Not in release Fixed
tomcat8.0 Not in release Not in release Not in release

CVE-2018-12437

Medium priority

Some fixes available 3 of 4

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a...

1 affected package

libtomcrypt

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libtomcrypt Fixed

CVE-2018-8014

Low priority

Some fixes available 5 of 7

The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users...

3 affected packages

tomcat7, tomcat8, tomcat8.0

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Fixed |
| tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |