Search CVE reports



201 – 210 of 366 results


CVE-2017-6056

Medium priority

Some fixes available 3 of 5

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a...

3 affected packages

tomcat7, tomcat6, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat8 Not in release Not in release Not in release Not in release Not affected

CVE-2017-5604

Medium priority
Ignored

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of...

1 affected package

mcabber

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mcabber Not affected

CVE-2016-8745

Medium priority

Some fixes available 9 of 15

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor...

3 affected packages

tomcat7, tomcat8, tomcat6

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat6 Not in release Not in release Not in release Not in release Not in release

CVE-2016-7953

Low priority

Some fixes available 17 of 22

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.

1 affected package

libxvmc

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libxvmc Fixed Fixed Fixed Fixed Fixed

CVE-2016-9775

Medium priority

Some fixes available 9 of 12

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before...

3 affected packages

tomcat6, tomcat8, tomcat7

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat8 Not in release Not in release Not in release Not in release Fixed
tomcat7 Not in release Not in release Not in release Not in release Not affected

CVE-2016-9774

Medium priority

Some fixes available 9 of 12

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before...

3 affected packages

tomcat7, tomcat6, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat8 Not in release Not in release Not in release Not in release Fixed

CVE-2016-8735

High priority

Some fixes available 11 of 13

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Fixed

CVE-2016-6816

Medium priority

Some fixes available 10 of 13

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction...

3 affected packages

tomcat6, tomcat7, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not in release Fixed

CVE-2016-8706

High priority
Fixed

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

1 affected package

memcached

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
memcached

CVE-2016-8705

High priority
Fixed

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

1 affected package

memcached

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
memcached