Search CVE reports
201 – 210 of 43971 results
Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 22.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Not in release |
| tomcat11 | Not in release |
Not in release
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.
1 affected package
glassfish
| Package | 22.04 LTS |
|---|---|
| glassfish | Not in release |
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of...
2 affected packages
jetty12, jetty9
| Package | 22.04 LTS |
|---|---|
| jetty12 | Not in release |
| jetty9 | Needs evaluation |
For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak.
2 affected packages
jetty12, jetty9
| Package | 22.04 LTS |
|---|---|
| jetty12 | Not in release |
| jetty9 | Needs evaluation |
Not in release
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the `filter_safe_tarinfos` validation in `keras/src/utils/file_utils.py`. Specifically, symlink entries are not...
1 affected package
keras
| Package | 22.04 LTS |
|---|---|
| keras | Not in release |
[GHSA-pjjp-65r7-ppgm: Out-of-bounds read and write in wrap_lines_measure]
1 affected package
libass
| Package | 22.04 LTS |
|---|---|
| libass | Needs evaluation |
[GHSA-5gf7-wjfm-vmvm: Out-of-bounds bit clears for negative Matroska ReadOrder values]
1 affected package
libass
| Package | 22.04 LTS |
|---|---|
| libass | Needs evaluation |
Some fixes available 1 of 3
A denial of service vulnerability exists in ASP.NET Core SignalR in .NET 8, .NET 9, and .NET 10. Stateful reconnect can be leveraged by an attacker to deny service to other users.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 22.04 LTS |
|---|---|
| dotnet6 | Vulnerable |
| dotnet7 | Ignored |
| dotnet8 | Fixed |
| dotnet9 | Not in release |
| dotnet10 | Not in release |
[OnionShare Receive mode writes uploaded files even when file uploads are disabled]
1 affected package
onionshare
| Package | 22.04 LTS |
|---|---|
| onionshare | Needs evaluation |
[OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]
1 affected package
onionshare
| Package | 22.04 LTS |
|---|---|
| onionshare | Needs evaluation |