Search CVE reports
131 – 140 of 50086 results
YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost...
1 affected package
libyaml-syck-perl
| Package | 16.04 LTS |
|---|---|
| libyaml-syck-perl | Ignored |
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | Ignored |
| tomcat7 | Ignored |
| tomcat8 | Needs evaluation |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | Ignored |
| tomcat7 | Ignored |
| tomcat8 | Needs evaluation |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | Ignored |
| tomcat7 | Ignored |
| tomcat8 | Needs evaluation |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | Ignored |
| tomcat7 | Ignored |
| tomcat8 | Needs evaluation |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request....
1 affected package
libwww-perl
| Package | 16.04 LTS |
|---|---|
| libwww-perl | Needs evaluation |
pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed...
1 affected package
pam
| Package | 16.04 LTS |
|---|---|
| pam | Not affected |
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was...
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam...
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |
Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and...
1 affected package
dovecot
| Package | 16.04 LTS |
|---|---|
| dovecot | Needs evaluation |