Threats Tagged 'ubuntu-pro-16-04-lts'
View all threats tagged with 'ubuntu-pro-16-04-lts'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ubuntu-pro-16-04-lts'
Click on any threat for detailed analysis and mitigation recommendations
USN-8134-1: pyasn1 vulnerabilities 0 Two vulnerabilities in the pyasn1 library can lead to denial of service by exhausting system resources when decoding malformed or maliciously crafted certificates. These issues arise from uncontrolled recursion during decoding attempts. The affected versions include specific Ubuntu package versions of pyasn1. No CVSS score is provided, and no known exploits are reported in the wild. Join the discussion | GCVE Database | 03/30/2026, 19:57:29 UTC Added: 07/16/2026, 10:40:20 UTC |
UBUNTU-CVE-2024-23672 0 A denial of service vulnerability exists in Apache Tomcat due to incomplete cleanup of WebSocket connections. WebSocket clients could keep connections open, causing increased resource consumption. This affects multiple Apache Tomcat versions from 8.5.0 through 8.5.98, 9.0.0-M1 through 9.0.85, 10.1.0-M1 through 10.1.18, and 11.0.0-M1 through 11.0.0-M16. Users are advised to upgrade to fixed versions 8.5.99, 9.0.86, 10.1.19, or 11.0.0-M17 to address the issue. Join the discussion | GCVE Database | 03/13/2024, 16:15:00 UTC Added: 07/16/2026, 10:40:17 UTC |
UBUNTU-CVE-2024-25177 0 LuaJIT versions through 2.1 and OpenRusty luajit2 before v2.1-20240314 contain a vulnerability involving unsinking of IR_FSTORE for NULL metatable, which can lead to a Denial of Service (DoS) condition. This issue affects multiple specific versions of LuaJIT as packaged in various Ubuntu releases. The vulnerability does not impact confidentiality or integrity but can cause application or system availability disruption. Join the discussion | GCVE Database | 07/07/2025, 17:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-25178 0 LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240314 contain an out-of-bounds read vulnerability in the stack-overflow handler located in lj_state.c. This vulnerability can lead to a high impact on confidentiality and availability without requiring user interaction or privileges. Multiple specific versions of LuaJIT are affected, including several Ubuntu package versions. No known exploits are reported in the wild at this time. Join the discussion | GCVE Database | 07/07/2025, 17:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-52316 0 A vulnerability in Apache Tomcat allows authentication bypass if a custom Jakarta Authentication ServerAuthContext component throws an exception without setting an HTTP failure status. No known Jakarta Authentication components currently behave this way. The issue affects multiple Apache Tomcat versions including 8.5.0 through 8.5.100, 9.0.0-M1 through 9.0.95, 10.1.0-M1 through 10.1.30, and 11.0.0-M1 through 11.0.0-M26. Users should upgrade to fixed versions 11.0.0, 10.1.31, or 9.0.96 to address this vulnerability. Join the discussion | GCVE Database | 11/18/2024, 12:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-54677 0 An uncontrolled resource consumption vulnerability exists in the examples web application provided with Apache Tomcat, which can lead to denial of service. This affects multiple Apache Tomcat versions including 8.5.0 through 8.5.100, 9.0.0.M1 through 9.9.97, 10.1.0-M1 through 10.1.33, and 11.0.0-M1 through 11.0.1. Users are advised to upgrade to fixed versions 11.0.2, 10.1.34, or 9.0.98 to remediate the issue. Join the discussion | GCVE Database | 12/17/2024, 13:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-56337 0 A Time-of-check Time-of-use (TOCTOU) race condition vulnerability exists in Apache Tomcat affecting multiple versions including 8.5.0 through 8.5.100, 9.0.0.M1 through 9.0.97, 10.1.0-M1 through 10.1.33, and 11.0.0-M1 through 11.0.1. The vulnerability relates to the default servlet write capability on case insensitive file systems and requires specific Java system property configurations to mitigate. Later Tomcat versions (9.0.99, 10.1.35, 11.0.3) include checks and default settings to address this issue. Users must configure the system property sun.io.useCanonCaches appropriately depending on their Java version to fully mitigate the vulnerability. Join the discussion | GCVE Database | 12/20/2024, 16:15:00 UTC Added: 07/16/2026, 10:40:11 UTC |
UBUNTU-CVE-2024-56643 0 In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline] [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline] [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Clean up the allocated memory in case of dccp_feat_push_confirm() failure and bail out with an error reset code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Join the discussion | GCVE Database | 12/27/2024, 15:15:00 UTC Added: 07/16/2026, 10:40:11 UTC |
UBUNTU-CVE-2025-31651 0 A vulnerability in Apache Tomcat allows bypassing certain rewrite rules under specific, unlikely configurations. This could lead to bypassing security constraints enforced by those rewrite rules. The issue affects multiple versions of Apache Tomcat, including versions from 8.5.0 through 8.5.100, 9.0.0.M1 through 9.0.102, 10.1.0-M1 through 10.1.39, and 11.0.0-M1 through 11.0.5. Users are advised to upgrade to a fixed version to address this vulnerability. Join the discussion | GCVE Database | 04/28/2025, 20:15:00 UTC Added: 07/16/2026, 10:40:11 UTC |
UBUNTU-CVE-2025-46701 0 An improper handling of case sensitivity vulnerability exists in Apache Tomcat's CGI servlet, allowing bypass of security constraints applied to the pathInfo component of a URI. This affects multiple Apache Tomcat versions including 11.0.0-M1 through 11.0.6, 10.1.0-M1 through 10.1.40, 9.0.0-M1 through 9.0.104, and some older EOL versions such as 8.5.0 through 8.5.100. The issue is fixed in versions 11.0.7, 10.1.41, and 9.0.105. Users should upgrade to these fixed versions to address the vulnerability. Join the discussion | GCVE Database | 05/29/2025, 19:15:00 UTC Added: 07/16/2026, 10:40:07 UTC |
Showing 1 to 10 of 152 results