Search CVE reports
1 – 10 of 324 results
CVE-2024-34750
Medium priorityImproper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-38357
Medium priorityTinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed...
2 affected packages
roundcube, tinymce
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| roundcube | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tinymce | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-38356
Medium priorityTinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing...
2 affected packages
roundcube, tinymce
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| roundcube | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tinymce | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-45925
Medium priority** DISPUTED ** GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as...
1 affected packages
mc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-22029
Medium priority[Unknown description]
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-24549
Medium priorityDenial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-23672
Medium priorityDenial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | — | — |
| tomcat6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2023-27517
Medium priorityImproper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
1 affected packages
ipmctl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ipmctl | Not affected | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2024-21733
Medium priorityGeneration of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...
5 affected packages
tomcat10, tomcat6, tomcat7, tomcat8, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tomcat10 | Needs evaluation | Not in release | Not in release | Not in release | Not in release |
| tomcat6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| tomcat7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2024-21911
Medium priorityTinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in...
1 affected packages
tinymce
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tinymce | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |