Search CVE reports
31 – 40 of 48501 results
An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the...
1 affected package
wolfssl
| Package | 16.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte...
1 affected package
wolfssl
| Package | 16.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to...
1 affected package
activemq
| Package | 16.04 LTS |
|---|---|
| activemq | Needs evaluation |
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation...
1 affected package
osslsigncode
| Package | 16.04 LTS |
|---|---|
| osslsigncode | Needs evaluation |
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation...
1 affected package
osslsigncode
| Package | 16.04 LTS |
|---|---|
| osslsigncode | Needs evaluation |
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7...
1 affected package
osslsigncode
| Package | 16.04 LTS |
|---|---|
| osslsigncode | Needs evaluation |
[Unknown description]
1 affected package
activemq
| Package | 16.04 LTS |
|---|---|
| activemq | Needs evaluation |
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is...
1 affected package
hdf5
| Package | 16.04 LTS |
|---|---|
| hdf5 | Needs evaluation |
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53,...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | Needs evaluation |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through...
6 affected packages
tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11
| Package | 16.04 LTS |
|---|---|
| tomcat6 | Needs evaluation |
| tomcat7 | Needs evaluation |
| tomcat8 | Needs evaluation |
| tomcat9 | — |
| tomcat10 | — |
| tomcat11 | — |