Search CVE reports
71 – 80 of 42294 results
[Unknown description]
1 affected package
graphicsmagick
| Package | 20.04 LTS |
|---|---|
| graphicsmagick | Needs evaluation |
A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman...
1 affected package
ruby-foreman
| Package | 20.04 LTS |
|---|---|
| ruby-foreman | Needs evaluation |
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to...
1 affected package
node-brace-expansion
| Package | 20.04 LTS |
|---|---|
| node-brace-expansion | Needs evaluation |
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw...
1 affected package
sssd
| Package | 20.04 LTS |
|---|---|
| sssd | Needs evaluation |
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for...
1 affected package
nltk
| Package | 20.04 LTS |
|---|---|
| nltk | Needs evaluation |
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 20.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | — |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat:...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 20.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | — |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 20.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | — |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat:...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 20.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | — |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 20.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | — |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |