Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/06/01 7:56 a.m.43 views

CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS0.00292EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...

7.5CVSS6.8AI score0.18114EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017612)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017612 advisory. When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers an...

7.5CVSS6.8AI score0.18114EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-25122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request heade...

7.5CVSS6.7AI score0.18114EPSS
Exploits1References2
OSV
OSV
added 2024/03/11 7:3 a.m.14 views

SUSE-SU-2024:0829-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2024-21733: Fixed leaking of unrelated request bodies in default error page bsc1219023, bsc1220503...

5.3CVSS5.7AI score0.14286EPSS
Exploits3References4
Amazon
Amazon
added 2023/09/25 12:0 a.m.7 views

Medium: tomcat

Issue Overview: A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. The highest...

7.5CVSS6.7AI score0.56636EPSS
Exploits15
OSV
OSV
added 2023/01/17 8:15 p.m.2 views

ALPINE-CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

5.3CVSS6.9AI score0.57941EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/09/09 6:18 a.m.4 views

tomcat: Request mix-up with h2c

A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. The highest threat from this...

7.5CVSS6.8AI score0.18114EPSS
Exploits1References8
OSV
OSV
added 2021/03/01 12:15 p.m.9 views

DEBIAN-CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's...

7.5CVSS6.8AI score0.18114EPSS
Exploits1References1
Rows per page
Query Builder