CVE search results

221 – 230 of 366 results

Detailed view

Sort by:

CVE-2016-5388

Low priority

Some fixes available 4 of 15

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat7	Not in release	Not in release	Not in release	Not in release	Vulnerable
tomcat8	Not in release	Not in release	Not in release	Not in release	Not affected

CVE-2016-3092

Medium priority

Some fixes available 8 of 13

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a...

5 affected packages

tomcat6, tomcat8, libcommons-fileupload-java, tomcat7, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Not in release
tomcat8	Not in release	Not in release	Not in release	Not in release	Not affected
libcommons-fileupload-java	Not affected	Not affected	Not affected	Not affected	Not affected
tomcat7	Not in release	Not in release	Not in release	Not in release	Not affected
tomcat9	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2016-0763

Medium priority

Some fixes available 5 of 8

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	Not in release
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2016-0714

Medium priority

Some fixes available 5 of 8

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	Not in release
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2016-0706

Medium priority

Some fixes available 5 of 8

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list,...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	Not in release
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2015-5351

Medium priority

Some fixes available 3 of 6

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	Not in release
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2015-5346

Low priority

Some fixes available 2 of 4

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	—
tomcat7	—	—	—	—	—
tomcat8	—	—	—	—	—

CVE-2015-5345

Low priority

Some fixes available 6 of 9

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	Not in release
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected
tomcat9	—	—	—	—	Fixed

CVE-2015-5174

Low priority

Some fixes available 4 of 7

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent...

3 affected packages

tomcat6, tomcat7, tomcat8

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tomcat6	—	—	—	—	Not in release
tomcat7	—	—	—	—	Not affected
tomcat8	—	—	—	—	Not affected

CVE-2015-8367

Low priority

Some fixes available 1 of 95

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

8 affected packages

kodi, darktable, xbmc, exactimage, rawtherapee...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
kodi	Needs evaluation	Needs evaluation	Vulnerable	Vulnerable	Vulnerable
darktable	Not affected	Not affected	Not affected	Not affected	Not affected
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release
exactimage	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
rawtherapee	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
dcraw	Not affected	Not affected	Not affected	Not affected	Not affected
libraw	Not affected	Not affected	Not affected	Not affected	Not affected
ufraw	Not in release	Not in release	Not in release	Not in release	Not affected

Export to JSON

Results by page:

Search CVE reports