22 matches found
Infinite loop
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Infinite loop via the Comment module. An attacker can trigger excessive resource consumption by making repeated comment reply...
UBUNTU-CVE-2024-11941
A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 8.0.X prior to 10.1.8 and 10.2.X prior to 10.2.2, which stems from a vulnerability that allows for over-allocation...
Apache Tomcat 10.1.8 Information Disclosure
The version of Apache Tomcat installed on the remote host is 8.5.88, 9.0.74, 10.1.8 or 11.0.0-M5. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which i...
Apache Tomcat 11.0.0-M5 Information Disclosure
The version of Apache Tomcat installed on the remote host is 8.5.88, 9.0.74, 10.1.8 or 11.0.0-M5. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which i...
GHSA-MPPV-79CH-VW6Q Apache Tomcat vulnerable to information leak
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...
Apache Tomcat Security Vulnerability
Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. The program implements support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat that stems from the presence of an information disclosure vulnerability...
PT-2023-4472 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M5, 10.1.8, 9.0.74, and 8.5.88 Description: A regression in the fix for bug 66512 in Apache Tomcat meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the...
Fixed in Apache Tomcat 10.1.9
Important: Information disclosure CVE-2023-34981 The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which in turn meant that at least one AJP based proxy...
CVE-2021-39063
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956...
CVE-2020-4496
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046...
CVE-2021-39057
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616...
CVE-2021-20490
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791...
Denial of service
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791...
CVE-2021-20490
CVE-2021-20490 affects IBM Spectrum Protect Plus (versions 10.1.0–10.1.8). The root cause is insecure file permission settings due to not setting the sticky bit on certain directories, allowing a local user to cause a Denial of Service. Remediation is to apply the 10.1.8 patch (patch 1); after in...
Security Bulletin: IBM Spectrum Protect Plus has Insecure File Permissions due to not setting the Sticky Bit (CVE-2021-20490)
Summary IBM Spectrum Protect Plus has several directories that are failing security scans due to the sticky bit not being set on world-writable files. Vulnerability Details CVEID: CVE-2021-20490 DESCRIPTION: IBM Spectrum Protect Plus could allow a local user to cause a denial of service due to...
Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus Microsoft File Systems backup and restore log files (CVE-2021-20536)
Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore log files may contain sensitive information. Vulnerability Details CVEID: CVE-2021-20536 DESCRIPTION: IBM Spectrum Protect Plus File Systems Agent stores potentially sensitive information in log files that could be read ...
Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854)
Summary IBM Spectrum Protect Plus contains hard-coded credentials which could allow a remote attacker to gain elevated privileges. UPDATED: 24 February 2021 - Remediation/Fixes section updated with additional vSnap requirements for upgrading to 10.1.7. UPDATED: 23 April 2021 - Added 10.1.8 fix...
Security Bulletin: Cross-Origin Resource Sharing (CORS) vulnerability in IBM Spectrum Protect Plus (CVE-2021-20432)
Summary Cross-Origin Resource Sharing (CORS) vulnerability in IBM Spectrum Protect Plus may allow privileged actions and retrieval of sensitive information. Vulnerability Details CVEID: CVE-2021-20432 DESCRIPTION: IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS) which could allow a...