Search CVE reports
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and...
1 affected package
libcatalyst-plugin-session-perl
| Package | 16.04 LTS |
|---|---|
| libcatalyst-plugin-session-perl | Needs evaluation |
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will...
1 affected package
libauthen-sasl-perl
| Package | 16.04 LTS |
|---|---|
| libauthen-sasl-perl | Needs evaluation |
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1,...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come...
1 affected package
libplack-middleware-session-perl
| Package | 16.04 LTS |
|---|---|
| libplack-middleware-session-perl | Needs evaluation |
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled...
1 affected package
xen
| Package | 16.04 LTS |
|---|---|
| xen | Needs evaluation |
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because...
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Ignored |
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because...
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Ignored |
Some fixes available 1 of 2
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM...
13 affected packages
openjdk-8, openjdk-9, openjdk-lts, openjdk-13, openjdk-16...
| Package | 16.04 LTS |
|---|---|
| openjdk-8 | Fixed |
| openjdk-9 | Ignored |
| openjdk-lts | — |
| openjdk-13 | — |
| openjdk-16 | — |
| openjdk-17 | — |
| openjdk-17-crac | — |
| openjdk-18 | — |
| openjdk-19 | — |
| openjdk-21 | — |
| openjdk-21-crac | — |
| openjdk-24 | — |
| openjdk-25 | — |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access...
11 affected packages
mysql-5.5, mysql-5.7, mysql-8.0, mysql-8.4, mariadb...
| Package | 16.04 LTS |
|---|---|
| mysql-5.5 | — |
| mysql-5.7 | Ignored |
| mysql-8.0 | — |
| mysql-8.4 | — |
| mariadb | — |
| mariadb-10.0 | Not affected |
| mariadb-10.1 | — |
| mariadb-10.3 | — |
| mariadb-10.6 | — |
| percona-xtradb-cluster-5.6 | Needs evaluation |
| percona-server-5.6 | Needs evaluation |