Search CVE reports

21 – 30 of 324 results

Detailed view

Sort by:

CVE-2023-42794

Medium priority

Needs evaluation

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a...

3 affected packages

tomcat10, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat10	Needs evaluation	Not in release	Not in release	Ignored	Ignored
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2023-44487

High priority

Some fixes available 16 of 51

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
dotnet6	Not in release	Fixed	Not in release	Not in release	Not in release
dotnet7	Not in release	Fixed	Not in release	Not in release	Not in release
dotnet8	Fixed	Not affected	Not in release	Not in release	Not in release
h2o	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
haproxy	Not affected	Not affected	Not affected	Needs evaluation	Not affected
netty	Not affected	Fixed	Fixed	Not affected	Not affected
nghttp2	Not affected	Fixed	Fixed	Fixed	Fixed
nginx	Not affected	Not affected	Not affected	Not affected	Not affected
nodejs	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tomcat10	Needs evaluation	Not in release	Not in release	Ignored	Ignored
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
trafficserver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-4132

Medium priority

Needs evaluation

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	—	Not in release	Not in release	Not in release	Needs evaluation
tomcat7	—	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	—	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2023-41080

Medium priority

Needs evaluation

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2022-48571

Medium priority

Fixed

memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.

1 affected packages

memcached

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
memcached	—	Not affected	Fixed	Fixed	Fixed

CVE-2020-22628

Medium priority

Some fixes available 1 of 47

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
digikam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Not affected	Not affected	Fixed	Needs evaluation	Needs evaluation
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2020-22570

Medium priority

Not affected

Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.

1 affected packages

memcached

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
memcached	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-34981

Medium priority

Needs evaluation

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant...

4 affected packages

tomcat6, tomcat7, tomcat8, tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
tomcat7	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2023-28709

Medium priority

Needs evaluation

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be...

1 affected packages

tomcat9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2023-1729

Medium priority

Some fixes available 6 of 58

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
dcraw	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
digikam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
exactimage	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
kodi	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libraw	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation
rawtherapee	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ufraw	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
xbmc	Not in release	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: