Search CVE reports
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117,...
6 affected packages
tomcat8, tomcat9, tomcat6, tomcat7, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat8 | Vulnerable |
| tomcat9 | — |
| tomcat6 | — |
| tomcat7 | — |
| tomcat10 | — |
| tomcat11 | — |
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...
6 affected packages
tomcat11, tomcat7, tomcat8, tomcat9, tomcat6, tomcat10
| Package | 16.04 LTS |
|---|---|
| tomcat11 | — |
| tomcat7 | Ignored |
| tomcat8 | Not affected |
| tomcat9 | — |
| tomcat6 | Ignored |
| tomcat10 | — |
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end...
6 affected packages
tomcat10, tomcat11, tomcat7, tomcat8, tomcat9, tomcat6
| Package | 16.04 LTS |
|---|---|
| tomcat10 | — |
| tomcat11 | — |
| tomcat7 | Ignored |
| tomcat8 | Not affected |
| tomcat9 | — |
| tomcat6 | Ignored |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older,...
6 affected packages
tomcat7, tomcat8, tomcat6, tomcat10, tomcat11, tomcat9
| Package | 16.04 LTS |
|---|---|
| tomcat7 | Ignored |
| tomcat8 | Not affected |
| tomcat6 | Ignored |
| tomcat10 | — |
| tomcat11 | — |
| tomcat9 | — |
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request....
1 affected package
libwww-perl
| Package | 16.04 LTS |
|---|---|
| libwww-perl | Needs evaluation |
pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed...
1 affected package
pam
| Package | 16.04 LTS |
|---|---|
| pam | Not affected |
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was...
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |
An attacker can use the IMAP SETACL command to inject the anyone permission into a user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam...
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |
An attacker can upload a malicious Sieve script over the ManageSieve service (or locally) to bypass configured CPU time limits for Sieve by up to 130 times the configured limit. An attacker can use this to degrade server performance and...
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |
An attacker can use a specially crafted base64 exchange between Dovecot and the client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection....
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |