SUSE-SU-2024:1204-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream bsc1221386 - CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open bsc1221385 Other fixes: - Update to Tomcat 10.1....

Fixed in Apache Tomcat 11.0.0-M17

Important: Denial of Service CVE-2024-23672 It was possible for a WebSocket client to keep a WebSocket connection open leading to increased resource consumption. This was fixed with commit b0e3b1bd. This issue was identified by the Tomcat Security Team on 17 January 2024. The issue was made publi...

Oracle Linux 7 : tomcat (ELSA-2019-2205)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2205 advisory. - Resolves: rhbz1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz1552375 CVE-2018-1304 tomcat: Incorrect handling of emp...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data...

Malicious code in websocket-cliet (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 06412b694edd65cdb47e2702e6629ceb27ac0ab4d17846860a687a380d14c94c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in wbesocket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c6c60c6db0775d255cacd994abea177ff1e76ffe4a4342cce2b5b0c17861f481 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websocket-cllient (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx db7751b36861392ace123440141ea620167cf864cb8690f562a26d303f21245e Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2419 Malicious code in wwebsocket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c5641c17f0936710ba606db1f88a8a964d11f352cebacdcec2c1bf55889debfa Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2359 Malicious code in wbesocket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c6c60c6db0775d255cacd994abea177ff1e76ffe4a4342cce2b5b0c17861f481 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2393 Malicious code in websocket-cllient (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx db7751b36861392ace123440141ea620167cf864cb8690f562a26d303f21245e Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2394 Malicious code in websocket-lcient (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 06fe78dfaf7de4fc0f3b80d29f70f2adfac22a5446be0781ebadd88b23a66f2f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websockket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 210c20f938d130131433fb60e01dc785b9036b14dc1181a1c71839013e80b26c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websocket-lcient (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 06fe78dfaf7de4fc0f3b80d29f70f2adfac22a5446be0781ebadd88b23a66f2f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websoket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 927f32cb8d7dce3b04539d688c8c5d5917fcfad305a321a7deade069388b410d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2383 Malicious code in websocket-cient (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ac94b737cfa799516c0c831332c0d3406bf24089725787a5a884703605f8af9a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2417 Malicious code in wesocket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7eadcb411e8d5861ac9390ee335fc77fb5ac4eab3d83c72290380c882bad7624 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websocket-clinet (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6638db5357088a77a9ccb3e2f2754c8ba7c10746f703e3ae4b586548318faeef Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websocekt-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 166b4c5ab30ebff656594ee070f13b90d9f7210ebb072eb3cb3627a198c8ec30 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websocet-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx def6cdda3e16e392e575914ced25e522c3bcb3ca50d8228652a805cc7ee4ae51 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in websocket-clietn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 81783882612ba7b6fae545c40b498a476222def4eab8e8b779ff41cefcb93e3d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...