Search CVE reports
171 – 180 of 43937 results
Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 22.04 LTS |
|---|---|
| tomcat6 | Not in release |
| tomcat7 | Not in release |
| tomcat8 | Not in release |
| tomcat9 | Needs evaluation |
| tomcat10 | Not in release |
| tomcat11 | Not in release |
Not in release
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.
1 affected package
glassfish
| Package | 22.04 LTS |
|---|---|
| glassfish | Not in release |
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of...
2 affected packages
jetty12, jetty9
| Package | 22.04 LTS |
|---|---|
| jetty12 | Not in release |
| jetty9 | Needs evaluation |
For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak.
2 affected packages
jetty12, jetty9
| Package | 22.04 LTS |
|---|---|
| jetty12 | Not in release |
| jetty9 | Needs evaluation |
Not in release
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the `filter_safe_tarinfos` validation in `keras/src/utils/file_utils.py`. Specifically, symlink entries are not...
1 affected package
keras
| Package | 22.04 LTS |
|---|---|
| keras | Not in release |
[GHSA-pjjp-65r7-ppgm: Out-of-bounds read and write in wrap_lines_measure]
1 affected package
libass
| Package | 22.04 LTS |
|---|---|
| libass | Needs evaluation |
[GHSA-5gf7-wjfm-vmvm: Out-of-bounds bit clears for negative Matroska ReadOrder values]
1 affected package
libass
| Package | 22.04 LTS |
|---|---|
| libass | Needs evaluation |
[OnionShare Receive mode writes uploaded files even when file uploads are disabled]
1 affected package
onionshare
| Package | 22.04 LTS |
|---|---|
| onionshare | Needs evaluation |
[OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]
1 affected package
onionshare
| Package | 22.04 LTS |
|---|---|
| onionshare | Needs evaluation |
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(),...
1 affected package
libcrypt-openssl-x509-perl
| Package | 22.04 LTS |
|---|---|
| libcrypt-openssl-x509-perl | Needs evaluation |