Search CVE reports
1781 – 1790 of 33882 results
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 24.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Needs evaluation |
| tomcat11 | Not in release |
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image...
1 affected package
nova
| Package | 24.04 LTS |
|---|---|
| nova | Fixed |
Not in release
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC...
1 affected package
apache-arrow
| Package | 24.04 LTS |
|---|---|
| apache-arrow | Not in release |
[ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
1 affected package
gegl
| Package | 24.04 LTS |
|---|---|
| gegl | Needs evaluation |
[ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
1 affected package
gegl
| Package | 24.04 LTS |
|---|---|
| gegl | Needs evaluation |
Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative...
1 affected package
libcrypt-urandom-perl
| Package | 24.04 LTS |
|---|---|
| libcrypt-urandom-perl | Not affected |
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
3 affected packages
firefox, thunderbird, libvpx
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| libvpx | Fixed |
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Ignored |
| mozjs115 | Ignored |