
50 matches found

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2014-5189

Malware in sbrugna...

CVSS: 5 | AI score: 6.1 | EPSS: 0.03002
Exploits: 2 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-5728

Malicious code in bioql PyPI...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.0197
Exploits: 0 | References: 6

OSV
added 2025/07/10 10:46 a.m. | 32 views

BIT-TOMCAT-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0 through 10.1.33, from 9.0.0 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.43663
Exploits: 13 | References: 5

RedhatCVE
added 2025/05/22 5:42 p.m. | 8 views

CVE-2020-5301

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00922
Exploits: 0 | References: 1

Apache Tomcat
added 2025/05/13 12:0 a.m. | 20 views

Fixed in Apache Tomcat 11.0.7

Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...

CVSS: 7.3 | AI score: 7.6 | EPSS: 0.02608
Exploits: 1 | Affected Software: 1

Apache Tomcat
added 2025/05/12 12:0 a.m. | 19 views

Fixed in Apache Tomcat 10.1.41

Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...

CVSS: 7.3 | AI score: 7.6 | EPSS: 0.02608
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-39134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarante...

CVSS: 8.2 | AI score: 7.3 | EPSS: 0.00576
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/02/27 3:6 p.m. | 15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. CVE-2024-56337. Apache Tomcat is used by our...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.08856
Exploits: 13 | Affected Software: 1

Amazon
added 2025/01/24 12:0 a.m. | 9 views

Important: tomcat

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.43663
Exploits: 14

RedHat Linux
added 2025/01/16 7:35 p.m. | 4 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.43663
Exploits: 13 | References: 5

Tenable Nessus
added 2024/12/30 12:0 a.m. | 24 views

FreeBSD : Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation (ed0a052a-c5e6-11ef-a457-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ed0a052a-c5e6-11ef-a457-b42e991fc52e advisory. [email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.43663
Exploits: 13 | References: 3

The Hacker News
added 2024/12/24 6:6 a.m. | 23 views

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

The Apache Software Foundation ASF has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution RCE under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigati...

CVSS: 9.9 | AI score: 8.4 | EPSS: 0.43663
Exploits: 13

Tenable Nessus
added 2024/12/23 12:0 a.m. | 27 views

Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.43663
Exploits: 13 | References: 4

Github Security Blog
added 2024/12/20 6:31 p.m. | 74 views

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.43663
Exploits: 13 | References: 9 | Affected Software: 3

RedhatCVE
added 2024/12/20 5:20 p.m. | 179 views

CVE-2024-56337

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

CVSS: 8.1 | AI score: 9.3 | EPSS: 0.43663
Exploits: 13 | References: 5

OSV
added 2024/12/20 4:15 p.m. | 34 views

CVE-2024-56337

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.43663
Exploits: 13 | References: 4

CVE
added 2024/12/20 3:28 p.m. | 818 views

CVE-2024-56337

TOCTOU Race Condition in Apache Tomcat (CVE-2024-56337) affects 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97. The issue stems from TOCTOU vulnerability during JSP compilation/default servlet write on case-insensitive file systems. Incomplete mitigation previously for CVE-2024-50379; g...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.43663
Exploits: 13 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/12/20 3:28 p.m. | 65 views

CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...

AI score: 9.2 | EPSS: 0.43663
Exploits: 13 | References: 2

Cvelist
added 2024/12/20 3:28 p.m. | 403 views

CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...

EPSS: 0.43663
Exploits: 13 | References: 2

FreeBSD
added 2024/12/20 12:0 a.m. | 32 views

Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation

[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled readonly initialisation parameter set to the non-default value of false may...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.43663
Exploits: 13 | References: 1