Astra Linux - vulnerability in tomcat9
There is a vulnerability in Apache Tomcat when using the APR/Native connector, involving concurrent execution with shared resources and improper synchronization known as “race condition”. This issue is particularly noticeable during client-initiated closures of HTTP/2 connections. The vulnerabili...
Exploit for Double Free in Apache Http_Server
CVE-2026-23918-test This repository contains a Proof of Concep...
CVE-2026-21003
Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...
Atlassian Jira Service Management Data Center and Server 5.12.0 < 5.12.26 / 5.13.x < 10.3.16 (JSDSERVER-16499)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16499 advisory. - Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition'...
MiracleLinux 9 : apr-util-1.6.1-20.el9.1 (AXSA:2023-5974:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5974:02 advisory. apr-util: out-of-bounds writes in the apr_base64 CVE-2022-25147 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : apr-util-1.5.2-6.el7.1 (AXSA:2023-5435:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5435:01 advisory. apr-util: out-of-bounds writes in the apr_base64 CVE-2022-25147 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 9 : apr-1.7.0-12.el9_3 (AXSA:2023-7043:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7043:05 advisory. apr: integer overflow/wraparound in apr_encode CVE-2022-24963 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : apr-util-1.6.1-6.el8.1 (AXSA:2023-6139:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6139:03 advisory. apr-util: out-of-bounds writes in the apr_base64 CVE-2022-25147 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 3 : apr-1.2.7-11.AXS3.4 (AXSA:2011-195:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-195:01 advisory. The mission of the Apache Portable Runtime APR is to provide a free library of C data structures and routines, forming a system portability layer to as many...
MiracleLinux 4 : httpd24-apr-1.5.1-1.AXS4.1 (AXSA:2018-2580:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2580:01 advisory. An out-of-bounds array dereference was found in apr_time_exp_get. An attacker could abuse an unvalidated usage of this function to cause a denial of service or...
EUVD-2021-12261
Malware in sbrugna...
EUVD-2009-1951
Malware in sbrugna...
Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986134)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986134 advisory. Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This wa...
EUVD-2022-32315
Malicious code in bioql PyPI...
EUVD-2024-18561
Malicious code in bioql PyPI...
EUVD-2022-32072
Malicious code in bioql PyPI...
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
...
CVE-2023-21480
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities...
PT-2025-35668
Name of the Vulnerable Software and Affected Versions: libaudiosaplus sec.so versions prior to SMR Apr-2023 Release 1 Description: An out-of-bounds write issue exists in the libaudiosaplus sec.so library. This can allow a local attacker to execute arbitrary code. Recommendations: Update...
Updated tomcat packages fix vulnerabilities
APR/Native Connector crash leading to DoS. CVE-2025-52434 DoS via integer overflow in multipart file upload. CVE-2025-52520 DoS via excessive h2 streams at connection start. CVE-2025-53506 H2 DoS - Made You Reset. CVE-2025-48989...