EUVD-2019-13484

Malware in sbrugna...

EUVD-2019-18377

Malware in sbrugna...

EUVD-2022-4638

Malicious code in bioql PyPI...

SUSE CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update

Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CV...

RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.3 (RHSA-2024:4976)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4976 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

Apache Tomcat 8.0.0.RC1 < 8.0.41

The version of Tomcat installed on the remote host is prior to 8.0.41. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.41security-8 advisory. - A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to...

Apache Tomcat 9.0.0.M1 < 9.0.0.M15

The version of Tomcat installed on the remote host is prior to 9.0.0.M15. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.0.m15security-9 advisory. - A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to...

Apache Tomcat 7.0.0 < 7.0.75

The version of Tomcat installed on the remote host is prior to 7.0.75. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.75security-7 advisory. - A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.7 release and security update

Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...

org.apache.tomcat:tomcat-catalina Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.2, 9.2.3 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update

Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

Atlassian Confluence 7.13.15 < 7.13.19 / 7.19.7 < 7.19.11 / 8.1.1 < 8.4.1 DoS (CONFSERVER-90185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-90185 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded...

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2023:2505-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2505-1 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

Updated tomcat packages fix security vulnerability

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

MGASA-2023-0191 Updated tomcat packages fix security vulnerability

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2023:2318-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2318-1 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.8...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2023:2319-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2319-1 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...

Apache Tomcat 9.0.71 < 9.0.74 Denial Of Service

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.87, 9.0.71 to 9.0.73, 10.1.5 to 10.1.7 or 11.0.0-M2 to 11.0.0-M4. The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query...