Search CVE reports
251 – 260 of 43096 results
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 18.04 LTS |
|---|---|
| tomcat6 | — |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | Needs evaluation |
| tomcat10 | — |
| tomcat11 | — |
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can...
1 affected package
gnutls28
| Package | 18.04 LTS |
|---|---|
| gnutls28 | Not affected |
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to...
1 affected package
activemq
| Package | 18.04 LTS |
|---|---|
| activemq | Needs evaluation |