Search CVE reports
1 – 10 of 50428 results
(Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ...)
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | Not affected |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
(Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...)
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | Vulnerable |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted...
1 affected package
keystone
| Package | 16.04 LTS |
|---|---|
| keystone | Needs evaluation |
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary...
1 affected package
keystone
| Package | 16.04 LTS |
|---|---|
| keystone | Needs evaluation |
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the...
1 affected package
keystone
| Package | 16.04 LTS |
|---|---|
| keystone | Needs evaluation |
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in...
1 affected package
erlang
| Package | 16.04 LTS |
|---|---|
| erlang | Needs evaluation |
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to...
1 affected package
erlang
| Package | 16.04 LTS |
|---|---|
| erlang | Needs evaluation |
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In...
1 affected package
erlang
| Package | 16.04 LTS |
|---|---|
| erlang | Needs evaluation |
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of...
2 affected packages
bzip2, clamav
| Package | 16.04 LTS |
|---|---|
| bzip2 | Needs evaluation |
| clamav | Not affected |
libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than...
1 affected package
libusb
| Package | 16.04 LTS |
|---|---|
| libusb | Needs evaluation |