Search CVE reports
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization...
1 affected package
mako
| Package | 16.04 LTS |
|---|---|
| mako | Not affected |
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system...
1 affected package
hugo
| Package | 16.04 LTS |
|---|---|
| hugo | Ignored |
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server....
1 affected package
spip
| Package | 16.04 LTS |
|---|---|
| spip | Ignored |
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve...
1 affected package
spip
| Package | 16.04 LTS |
|---|---|
| spip | Ignored |
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (e.g. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This...
3 affected packages
php-phpseclib, php-phpseclib3, phpseclib
| Package | 16.04 LTS |
|---|---|
| php-phpseclib | Ignored |
| php-phpseclib3 | — |
| phpseclib | Ignored |
YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost...
1 affected package
libyaml-syck-perl
| Package | 16.04 LTS |
|---|---|
| libyaml-syck-perl | Ignored |
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure....
1 affected package
intel-microcode
| Package | 16.04 LTS |
|---|---|
| intel-microcode | Needs evaluation |
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...
6 affected packages
tomcat10, tomcat11, tomcat9, tomcat6, tomcat7, tomcat8
| Package | 16.04 LTS |
|---|---|
| tomcat10 | — |
| tomcat11 | — |
| tomcat9 | — |
| tomcat6 | Ignored |
| tomcat7 | Ignored |
| tomcat8 | Vulnerable |
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | Not affected |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | — |
| tomcat8 | Vulnerable |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |