Search CVE reports
311 – 320 of 366 results
Some fixes available 2 of 6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows...
3 affected packages
tomcat5, tomcat5.5, tomcat6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat5 | — | — | — | — | — |
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
Some fixes available 2 of 6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2)...
3 affected packages
tomcat5, tomcat5.5, tomcat6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat5 | — | — | — | — | — |
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
Some fixes available 2 of 6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL...
3 affected packages
tomcat5, tomcat5.5, tomcat6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat5 | — | — | — | — | — |
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
Some fixes available 2 of 6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a...
3 affected packages
tomcat5, tomcat5.5, tomcat6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat5 | — | — | — | — | — |
| tomcat5.5 | — | — | — | — | — |
| tomcat6 | — | — | — | — | — |
The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the...
1 affected package
memcached
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | — | — | — | — | — |
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc...
2 affected packages
memcached, memcachedb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| memcached | — | — | — | — | — |
| memcachedb | — | — | — | — | — |
Some fixes available 2 of 6
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers...
2 affected packages
tomcat6, tomcat5.5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat6 | — | — | — | — | — |
| tomcat5.5 | — | — | — | — | — |
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to...
2 affected packages
tomcat4, tomcat5.5
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tomcat4 | — | — | — | — | — |
| tomcat5.5 | — | — | — | — | — |
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.
1 affected package
xmcd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xmcd | — | — | — | — | — |
Some fixes available 2 of 23
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote...
10 affected packages
ampache, gforge-plugin-scmcvs, libphp-snoopy, magpierss, mahara...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ampache | — | — | — | — | — |
| gforge-plugin-scmcvs | — | — | — | — | — |
| libphp-snoopy | — | — | — | — | — |
| magpierss | — | — | — | — | — |
| mahara | — | — | — | — | — |
| mediamate | — | — | — | — | — |
| moodle | — | — | — | — | — |
| opendb | — | — | — | — | — |
| pixelpost | — | — | — | — | — |
| wordpress | — | — | — | — | — |