Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 13.08%
  • Veröffentlicht 25.02.2016 01:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric...

  • EPSS 6.23%
  • Veröffentlicht 25.02.2016 01:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut...

  • EPSS 9.21%
  • Veröffentlicht 25.02.2016 01:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec...

  • EPSS 10.57%
  • Veröffentlicht 25.02.2016 01:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to ...

  • EPSS 18.38%
  • Veröffentlicht 25.02.2016 01:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence o...

  • EPSS 12.56%
  • Veröffentlicht 25.02.2016 01:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.....

  • EPSS 2.79%
  • Veröffentlicht 23.02.2016 19:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown...

  • EPSS 3.95%
  • Veröffentlicht 23.02.2016 19:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

  • EPSS 4.21%
  • Veröffentlicht 23.02.2016 19:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown...

  • EPSS 2.78%
  • Veröffentlicht 18.02.2016 21:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.