Search CVE reports
171 – 180 of 366 results
Some fixes available 3 of 5
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security...
3 affected packages
tomcat7, tomcat8.0, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 3 of 5
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints...
3 affected packages
tomcat7, tomcat8, tomcat8.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tomcat8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip...
1 affected package
tomcat-native
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat-native | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 2
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to...
3 affected packages
tomcat7, tomcat8, tomcat8.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | Not affected |
| tomcat8 | — | — | — | — | Not affected |
| tomcat8.0 | — | — | — | — | Not in release |
Some fixes available 3 of 97
An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
8 affected packages
darktable, dcraw, exactimage, rawtherapee, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 3 of 96
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
8 affected packages
darktable, rawtherapee, libraw, ufraw, xbmc...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 4 of 10
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was...
3 affected packages
tomcat7, tomcat8, tomcat8.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | Not in release | Not in release | Not in release | Ignored |
| tomcat8 | — | Not in release | Not in release | Not in release | Not affected |
| tomcat8.0 | — | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 96
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive...
8 affected packages
kodi, darktable, dcraw, libraw, ufraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially...
1 affected package
tomcat7
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | — | — | — | — |
Some fixes available 2 of 7
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
2 affected packages
tomcat7, tomcat8
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat7 | — | Not in release | Not in release | Not in release | Ignored |
| tomcat8 | — | Not in release | Not in release | Not in release | Not affected |