Security Bulletin: Vulnerabilities in Apache Tomcat affect watsonx.data
Summary: Apache Tomcat is vulnerable to an unchecked error condition attack and to incorrect object re-cycling and re-use attack. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-52316 DESCRIPTION: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured...
CVE-2022-49157
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error. After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persists and/or wait for the OS to give the resume...
CVE-2025-0726 Eclipse ThreadX NetX Duo HTTP server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-813)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-813 advisory. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for wri...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-015)
The version of tomcat installed on the remote host is prior to 9.0.98-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-015 advisory. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE...
Detection of Error Condition Without Action
Overview: Affected versions of this package are vulnerable to Detection of Error Condition Without Action when files are being copied from a client to a server. This allows a server to leak the contents of an arbitrary file from the client's machine. Remediation: A fix was pushed into the master...
ROS-20240203-05
Apache Tomcat application server vulnerability is related to an unchecked error condition. Exploitation: The vulnerability could allow an attacker acting remotely to bypass the authentication process and cause a denial of service. Apache Tomcat application server vulnerability is related to...
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
Apache Tomcat 9.0.92 < 9.0.96 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.96. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.96_security-9 advisory. - Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the...
Apache Tomcat 11.0.0.M23 < 11.0.0 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.0_security-11 advisory. - Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an error condition that was not handled correctly...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an error condition that was not handled correctly...
EulerOS Virtualization 2.11.0 : curl (EulerOS-SA-2024-2189)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...
CVE-2024-40928 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...
CVE-2024-40928
CVE-2024-40928 – Linux kernel ethtool statistics fix : The issue arises from a null function pointer in ethtool_get_phy_stats when performing phy stats ioctl. The patch fixes the error handling by returning -EOPNOTSUPP when ops->get_ethtool_phy_stats is NULL, preventing a null-dereference in n...
CVE-2024-40928 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...
CVE-2024-40928 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...