28 matches found
EUVD-2018-8960
Malware in sbrugna...
EUVD-2018-3778
Malicious code in bioql PyPI...
EUVD-2025-21045
Malicious code in bioql PyPI...
EUVD-2022-1215
Malicious code in bioql PyPI...
Debian dla-4244 : libtomcat9-embed-java - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4244 advisory. Debian LTS Advisory DLA-4244-1 [email protected]...
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...
CVE-2025-52434
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...
CVE-2025-52434 Apache Tomcat: APR/Native Connector crash leading to DoS
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...
CVE-2025-52434
CVE-2025-52434 is a race-condition DoS in Apache Tomcat when using the APR/Native connector, observed in Tomcat 9.0.0.M1 through 9.0.106 (including older EOL lines) and potentially affecting selected Tomcat 8.x/11.x/10.x configurations via related advisories. The National Vulnerability Database d...
CVE-2025-52434 Apache Tomcat: APR/Native Connector crash leading to DoS
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...
PT-2025-28238
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.106 Description: A race condition exists due to concurrent execution using a shared resource with improper synchronization when using the APR/Native connector. This issue is particularly noticeable...
[SECURITY] [DLA 3780-1] jetty9 security update
Debian LTS Advisory DLA-3780-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 06, 2024 https://wiki.debian.org/LTS Package : jetty9 Version : 9.4.50-4+deb10u2 CVE ID : CVE-2024-22201 Debian Bug : 1064923 Jetty 9 is a Java based web server and servlet engine...
Ubuntu: Security Advisory (USN-6506-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6506-1: Apache HTTP Server vulnerabilities
David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2023-31122 Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and...
K86612211: Apache vulnerability CVE-2018-17189
Security Advisory Description In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections...
CVE-2022-39271 Traefik HTTP/2 connections management could cause a denial of service
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...
Header leakage on cross-domain redirects
This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2311)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KLA12364 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in mod_session_cookie can be exploited to spoof user interface. 2...
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2019 CPU)
The version of Oracle Secure Global Desktop installed on the remote host is 5.4 and is missing a security patch from the January 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to...