110 matches found
MiracleLinux 3 : geronimo-tomcat6-jee5-2.2-1.AXS3 (AXSA:2010-309:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-309:01 advisory. The goal of the Geronimo project is to produce a server runtime framework that pulls together the best Open Source alternatives to create runtimes th...
CVE-2007-4548
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with...
EUVD-2007-5066
Malware in sbrugna...
EUVD-2008-0742
Malware in sbrugna...
EUVD-2007-5767
Malware in sbrugna...
EUVD-2007-4531
Malware in sbrugna...
EUVD-2022-2738
Malicious code in bioql PyPI...
EUVD-2022-5291
Malicious code in bioql PyPI...
Security Bulletin: IBM QRadar SIEM is affected by cross-site scripting and denial of service (CVE-2025-33118, CVE-2011-5034, CVE-2024-25710, CVE-2024-26308)
Summary: IBM QRadar SIEM is affected by stored cross-site scripting and denial of service. Apache Geronimo and Apache Commons Compress are affected by predictable hash collisions, infinite loop, and resource exhaustion. Vulnerability Details: CVEID: CVE-2025-33118 DESCRIPTION: IBM QRadar SIEM is...
CVE-2008-0732
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories...
SUSE CVE-2007-5797
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database...
SUSE CVE-2008-5518
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...
SUSE CVE-2009-0038
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitorin...
org.apache.geronimo.assemblies:geronimo-framework (>=3.0-beta-1 <=3.0.0), org.apache.geronimo.assemblies:geronimo-jetty8-javaee6 (=3.0-beta-1) +188 more potentially affected by CVE-2013-1777 via org.apache.geronimo.framework:geronimo-jmx-remoting (>=3.0-beta-1 <=3.0.0)
org.apache.geronimo.framework:geronimo-jmx-remoting MAVEN version =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2013-1777 Source advisory:...
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...
GHSA-V64W-96P6-FX7W Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...
Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-XM92-RF24-H74W Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...
Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...