141 matches found
geronimo:geronimo-tomcat (>=1.0 <=1.1.1), geronimo:geronimo-tomcat-builder (>=1.0 <=1.1.1) +17 more potentially affected by CVE-2026-41293 via tomcat:tomcat-coyote (>=5.5.15 <=5.5.9)
tomcat:tomcat-coyote MAVEN version =5.5.15, =1.0, =1.0, =1.1.1 - geronimo:tomcat =1.0 - org.apache.geronimo.assemblies:geronimo-tomcat-minimal =1.2-beta - org.apache.geronimo.configs:ca-helper-tomcat =1.2-beta - org.apache.geronimo.configs:dojo-tomcat =1.2-beta -...
acegisecurity:acegi-security-catalina (>=0.7.0 <=0.9.0), ch.qos.logback:logback-access (>=${parent.version} <=0.8) +40 more potentially affected by CVE-2026-43515 via tomcat:catalina (>=4.0.6 <=5.5.9)
tomcat:catalina MAVEN version =4.0.6, =0.7.0, =$parent.version, =0.6, =3.2.10-1-SP3seam2hibernate5, =1.5, =1.0, =1.0, =1.0.0, =4.7.1, =4.7.2 - org.apache.geronimo.assemblies:geronimo-tomcat-minimal =1.2-beta - org.apache.geronimo.configs:ca-helper-tomcat =1.2-beta -...
MiracleLinux 3 : geronimo-tomcat6-jee5-2.2-1.AXS3 (AXSA:2010-309:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-309:01 advisory. The goal of the Geronimo project is to produce a server runtime framework that pulls together the best Open Source alternatives to create runtimes th...
CVE-2007-4548
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with...
EUVD-2007-5066
Malware in sbrugna...
EUVD-2008-0742
Malware in sbrugna...
EUVD-2007-5767
Malware in sbrugna...
EUVD-2007-4531
Malware in sbrugna...
EUVD-2022-2738
Malicious code in bioql PyPI...
EUVD-2022-5291
Malicious code in bioql PyPI...
Security Bulletin: IBM QRadar SIEM is affected by cross-site scripting and denial of service (CVE-2025-33118, CVE-2011-5034, CVE-2024-25710, CVE-2024-26308)
Summary: IBM QRadar SIEM is affected by stored cross-site scripting and denial of service. Apache Geronimo and Apache Commons Compress are affected by predictable hash collisions, infinite loop, and resource exhaustion. Vulnerability Details: CVEID: CVE-2025-33118 DESCRIPTION: IBM QRadar SIEM is...
CVE-2008-0732
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories...
SUSE CVE-2007-5797
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database...
SUSE CVE-2008-0732
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories...
SUSE CVE-2008-5518
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...
SUSE CVE-2009-0039
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload application...
SUSE CVE-2009-0038
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitorin...
SUSE CVE-2011-5034
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...
com.github.almex:weblets-demo (=1.1.3), org.apache.geronimo.assemblies:geronimo-jetty8-javaee6 (=3.0-M1) +18 more potentially affected by CVE-2010-2057 via org.apache.myfaces.core:myfaces-impl (=2.0.0)
org.apache.myfaces.core:myfaces-impl MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.myfaces.core:myfaces-impl and may be impacted: - com.github.almex:weblets-demo =1.1.3 -...
org.apache.geronimo.assemblies:geronimo-framework (>=3.0-beta-1 <=3.0.0), org.apache.geronimo.assemblies:geronimo-jetty8-javaee6 (=3.0-beta-1) +188 more potentially affected by CVE-2013-1777 via org.apache.geronimo.framework:geronimo-jmx-remoting (>=3.0-beta-1 <=3.0.0)
org.apache.geronimo.framework:geronimo-jmx-remoting MAVEN version =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2013-1777 Source advisory:...