Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 10 of 49 results

CVE-2024-34750

Medium priority
Needs evaluation

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22029

Medium priority
Needs evaluation

[Unknown description]

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-24549

Medium priority
Needs evaluation

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-23672

Medium priority
Needs evaluation

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release
tomcat6 Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-21733

Medium priority
Needs evaluation

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version...

5 affected packages

tomcat10, tomcat6, tomcat7, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release Not in release Not in release
tomcat6 Not in release Not in release Not in release Not in release Needs evaluation
tomcat7 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2023-46589

Medium priority
Needs evaluation

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer...

3 affected packages

tomcat10, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Not affected Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-45648

Medium priority
Needs evaluation

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer...

3 affected packages

tomcat10, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-42795

Medium priority
Needs evaluation

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through...

3 affected packages

tomcat10, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-42794

Medium priority
Needs evaluation

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a...

3 affected packages

tomcat10, tomcat8, tomcat9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-44487

High priority

Some fixes available 24 of 78

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

26 affected packages

dotnet6, dotnet7, dotnet8, golang, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotnet6 Not in release Fixed Not in release Not in release Not in release
dotnet7 Not in release Fixed Not in release Not in release Not in release
dotnet8 Fixed Not affected Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Fixed Fixed Not in release Not in release
golang-1.21 Not affected Fixed Fixed Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
h2o Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
haproxy Not affected Not affected Not affected Needs evaluation Not affected
netty Not affected Fixed Fixed Not affected Not affected
nghttp2 Not affected Fixed Fixed Fixed Fixed
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
trafficserver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 26 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON