7 matches found
EUVD-2024-2356
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
org.apache.nifi, nifi-web-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper validation/sanitization for the description field in the Parameter Context configuration, allowing arbitrary JavaScript code to be executed by the client browser within the sessi...
Update Tomcat to 8.5.34 to avoid CVE-2018-11784
Open redirect in default servlet: CVE-2018-11784 (https://access.redhat.com/security/cve/cve-2018-11784). When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory, e.g. redirecting to '/foo/' when the user...
tomcat: Remote Code Execution via JSP Upload
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
CentOS Update for tomcat CESA-2017:3081 centos7
Check the version of tomcat. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or...
Fixed in Apache Tomcat 6.0.45
Low: Limited directory traversal (CVE-2015-5174). This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource, getResourceAsStream and getResourcePaths, the paths should be limited to the current web...
Apache Tomcat Directory Traversal
Vulnerability description: An input validation error can be exploited to download arbitrary files via directory traversal attacks. Successful exploitation requires that a context is configured with allowLinking="true" and that the connector is configured with URIEncoding="UTF-8". Affected version...