MGASA-2024-0394 Updated tomcat packages fix security vulnerabilities
RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379). DoS in examples web application (CVE-2024-54677)...
OESA-2024-2564 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
SUSE CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CVE-2024-50379
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...
CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
DEBIAN-CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
UBUNTU-CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CVE-2024-50379
CVE-2024-50379 is a TOCTOU race condition in JSP compilation on Apache Tomcat that can lead to RCE when the default servlet is writable on case-insensitive file systems. Affected lines include Tomcat 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97 (also some older EOL versions). The issu...
CVE-2024-54534
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption...
PT-2025-39414
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.18.0. Description: TensorFlow version 2.18.0 exhibits a behavior where it outputs random results during the compilation of the Embedding component. This can lead to unpredictable application behavior. Recommendations: At the...
CVE-2024-53920
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2024-35250-BOF: The Beacon Object File (BOF) implementati...
xorg-x11-server security update
1.20.11-26: Fix regression caused by the fix for CVE-2024-31083. 1.20.11-25: CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083; add util-linux as a dependency of Xvfb; fix compilation error on i686...
Fedora 38 : emacs (2022-cbc71cc4fe)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-cbc71cc4fe advisory. Automatic update for emacs-28.2-1.fc38. Changelog: Tue Nov 1 2022 Dan Čermák - 1:28.2-1 - New upstream release 28.2, fixes rhbz2126048 - Add patch to fix...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside the buffer in memory, allowing an attacker to cause a service failure.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory during JIT-compilation. Exploiting this vulnerability can allow an attacker to cause service interruptions...
RLSA-2024:7699 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131...
firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...