Lucene search
K

38 matches found

OSV
OSV
added 2026/05/18 1:35 p.m.21 views

CLEANSTART-2026-MR27796 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708, CVE-2025-31650, CVE-2025-31651 applied in versions: 10.1.53-r0, 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0

Multiple security vulnerabilities affect the tomcat10 package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.5AI score0.73139EPSS
Exploits27References19
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2022-45143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some...

7.5CVSS7AI score0.02505EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.29 views

RHEL 9 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: JsonErrorReportValve injection...

7.5CVSS8.2AI score0.73139EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.48 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Session fixation when using FORM authentication CVE-2019-17563 - tomcat: JsonErrorReportValve...

7.5CVSS7.8AI score0.87553EPSS
Exploits25References17
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 9 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Fix for CVE-2023-24998 was incomplete CVE-2023-28709 Note that Nessus has not tested for this issue but has...

7.5CVSS7.2AI score0.51547EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/11/24 12:0 a.m.55 views

Atlassian Confluence 7.13.x / 7.19.1 < 7.19.16 (CONFSERVER-93173)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93173 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values...

7.5CVSS7.5AI score0.02505EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:52 a.m.60 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Apache Tomcat that could allow a remote attacker to bypass security restrictions and obtain sensitive information, The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

7.5CVSS6.4AI score0.02505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 2:27 p.m.49 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-45143

Summary There is a vulnerability in Apache Tomcat could allow a remote attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apach...

7.5CVSS7.4AI score0.02505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/03 2:18 p.m.29 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Apache Tomcat (CVE-2022-45143).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Apache Tomcat caused by the JsonErrorReportValve function not escaping the type, message or description values CVE-2022-45143. Apache Tomcat is included as part of our speech...

7.5CVSS7.2AI score0.02505EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/27 12:0 a.m.36 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2)

The version of AOS installed on the remote host is prior to 6.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2 advisory. - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain...

8.8CVSS8.3AI score0.55367EPSS
Exploits49References51
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.24 views

Oracle MySQL Enterprise Monitor (Apr 2023 CPU)

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the MySQL Workbench product of Oracle MySQL component: Workbench OpenSSL. Supported versions that are affected are 8.0.32...

7.5CVSS7.3AI score0.04494EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2023/04/18 3:32 p.m.28 views

K000133390: Apache Tomcat vulnerability CVE-2022-45143

Security Advisory Description The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply...

7.5CVSS8.3AI score0.02505EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/04/17 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2023:1853-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.4AI score0.02505EPSS
Exploits0References4
Mageia
Mageia
added 2023/04/15 7:3 p.m.142 views

Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...

7.5CVSS6.7AI score0.73139EPSS
Exploits21References12
Tenable Nessus
Tenable Nessus
added 2023/04/15 12:0 a.m.31 views

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2023:1853-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1853-1 advisory. - CVE-2022-45143: Fixed JsonErrorReportValve injection bsc1206840. Tenable has extracted the preceding description block...

7.5CVSS7AI score0.02505EPSS
Exploits0References4
OSV
OSV
added 2023/04/14 1:11 p.m.7 views

SUSE-SU-2023:1853-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2022-45143: Fixed JsonErrorReportValve injection bsc1206840...

7.5CVSS7.7AI score0.02505EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/04/12 12:30 p.m.47 views

Low: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.2 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.2 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.7AI score0.02505EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/12 12:0 a.m.37 views

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.2 (RHSA-2023:1663)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1663 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

7.5CVSS7.2AI score0.02505EPSS
Exploits0References7
Debian
Debian
added 2023/04/05 8:7 p.m.49 views

[SECURITY] [DSA 5381-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5381-1 [email protected] https://www.debian.org/security/ Markus Koschany April 05, 2023 https://www.debian.org/security/faq -...

7.5CVSS7.8AI score0.02505EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.24 views

Nutanix AOS : (NXSA-AOS-6.6.0.5)

The version of AOS installed on the remote host is prior to 6.6.0.5. It is, therefore, affected by a vulnerability as referenced in the NXSA-AOS-6.6.0.5 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0References2
Rows per page
Query Builder