
134 matches found

IBM Security Bulletins
added 2025/02/27 1:22 p.m. | 21 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect watsonx.data

Summary: Apache Tomcat is vulnerable to an unchecked error condition attack and to incorrect object re-cycling and re-use attack. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-52316 DESCRIPTION: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured...

9.8 CVSS | 6.8 AI score | 0.06287 EPSS
Exploits: 2 | Affected Software: 1
NVD
added 2025/02/26 7:0 a.m. | 11 views

CVE-2022-49157

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error. After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persists and/or wait for the OS to give the resume...

5.5 CVSS | 0.00252 EPSS
Exploits: 0 | References: 4
Cvelist
added 2025/02/21 8:12 a.m. | 13 views

CVE-2025-0726 Eclipse ThreadX NetX Duo HTTP server denial of service

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...

7.1 CVSS | 0.00697 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2025/01/24 12:0 a.m. | 34 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-813)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-813 advisory. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for wri...

9.8 CVSS | 7.2 AI score | 0.43663 EPSS
Exploits: 14 | References: 10
Tenable Nessus
added 2025/01/24 12:0 a.m. | 36 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-015)

The version of tomcat installed on the remote host is prior to 9.0.98-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-015 advisory. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE...

9.8 CVSS | 7.2 AI score | 0.43663 EPSS
Exploits: 14 | References: 10
Snyk
added 2025/01/14 6:43 p.m. | 2 views

Detection of Error Condition Without Action

Overview: Affected versions of this package are vulnerable to Detection of Error Condition Without Action when files are being copied from a client to a server. This allows a server to leak the contents of an arbitrary file from the client's machine. Remediation: A fix was pushed into the master...

6.9 CVSS | 6.8 AI score | 0.01761 EPSS
Exploits: 1 | References: 2
Redos
added 2024/12/03 12:0 a.m. | 16 views

ROS-20240203-05

Apache Tomcat application server vulnerability is related to an unchecked error condition. Exploitation: The vulnerability could allow an attacker acting remotely to bypass the authentication process and cause a denial of service. Apache Tomcat application server vulnerability is related to...

9.8 CVSS | 8.2 AI score | 0.06287 EPSS
Exploits: 2
NVD
added 2024/11/18 12:15 p.m. | 35 views

CVE-2024-52316

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

9.8 CVSS | 0.06287 EPSS
Exploits: 1 | References: 4
OSV
added 2024/11/18 12:15 p.m. | 33 views

CVE-2024-52316

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

9.8 CVSS | 8.7 AI score
Exploits: 0 | References: 4
Cvelist
added 2024/11/18 11:32 a.m. | 78 views

CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

0.06287 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/11/18 11:32 a.m. | 38 views

CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

8.7 AI score | 0.06287 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2024/11/18 12:0 a.m. | 25 views

Apache Tomcat 9.0.92 < 9.0.96 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.96. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.96security-9 advisory. - Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the...

9.8 CVSS | 7.5 AI score | 0.06287 EPSS
Exploits: 2 | References: 5
Tenable Nessus
added 2024/11/18 12:0 a.m. | 28 views

Apache Tomcat 11.0.0.M23 < 11.0.0 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.0security-11 advisory. - Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the...

9.8 CVSS | 8 AI score | 0.06287 EPSS
Exploits: 2 | References: 5
CNNVD
added 2024/09/18 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an error condition that was not handled correctly...

5.5 CVSS | 6.5 AI score | 0.00246 EPSS
Exploits: 0 | References: 7
CNNVD
added 2024/09/18 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an error condition that was not handled correctly...

5.5 CVSS | 6.5 AI score | 0.00236 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/08/20 12:0 a.m. | 19 views

EulerOS Virtualization 2.11.0 : curl (EulerOS-SA-2024-2189)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

8.6 CVSS | 6.9 AI score | 0.36081 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/07/12 12:25 p.m. | 16 views

CVE-2024-40928 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool(). Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...

6.7 AI score | 0.00228 EPSS
Exploits: 0 | References: 6
CVE
added 2024/07/12 12:25 p.m. | 113 views

CVE-2024-40928

CVE-2024-40928 – Linux kernel ethtool statistics fix: The issue arises from a null function pointer in ethtool_get_phy_stats when performing phy stats ioctl. The patch fixes the error handling by returning -EOPNOTSUPP when ops->get_ethtool_phy_stats is NULL, preventing a null-dereference in n...

5.5 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2024/07/12 12:25 p.m. | 29 views

CVE-2024-40928 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool(). Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...

0.00228 EPSS
Exploits: 0 | References: 6
OSV
added 2024/07/12 12:25 p.m. | 36 views

CVE-2024-40928 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool(). Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when...

5.5 CVSS | 5.9 AI score | 0.00228 EPSS
Exploits: 0 | References: 9