tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

tomcat security update

1:9.0.87-1.el810.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-31650 - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337...

tomcat security update

1:9.0.87-3.el96.1 - Resolves: RHEL-91765 tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-31650 - Resolves: RHEL-71981 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 1:9.0.87-3 - Resolves: RHEL-82945 tomcat: Potential RCE and/or...

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...

CVE-2025-52473 liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels...

BIT-TOMCAT-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0...

DEBIAN-CVE-2025-38286

In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91gpioprobe doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpiochips array with...

The vulnerability of the bpf_jit_build_prologue() function in the arch/powerpc/net/bpf_jit_comp32.c network support module on the PowerPC platform of the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the bpfjitbuildprologue function in the arch/powerpc/net/bpfjitcomp32.c file, a network support module for the PowerPC platform of the Linux operating system, relates to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to compromise the...

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

CVE-2019-9977

The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants...

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

webkit2gtk3 security update

2.48.2-1 - Update to 2.48.2 - Reenable JIT...

CVE-2006-7216

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables...

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

Do Not Install Development and Compilation Tools

Compilation tools in the service environment may be exploited by attackers to edit, tamper with, and perform reverse analysis on key files in the environment. Therefore, in the production environment, do not install compilation, decompilation, binary analysis tools, and compilation environments...

CVE-2025-37893

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in buildprologue Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that the JITed image missing a jirl instruction at th...

CVE-2025-37893

The CVE-2025-37893 issue affects the Linux kernel’s LoongArch BPF JIT path. Debugging shows that when BPF programs mix bpf2bpf and tailcalls, build_prologue() can generate N instructions in the first pass and N+1 in the second, causing epilogue_offset to be off by one. This can cause the JITed ep...