16 matches found
EUVD-2022-4608
Malicious code in bioql PyPI...
EUVD-2022-4355
Malicious code in bioql PyPI...
Debian dla-4299 : jetty9 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4299 advisory. Debian LTS Advisory DLA-4299-1 https://www.debian.org/lts/security/...
CVE-2009-5046
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...
CVE-2009-5049
WebApp JSP Snoop page XSS in jetty through 6.1.21...
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...
GHSA-Q4RV-GQ96-W7C5 **UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...
Eclipse Jetty DoS Vulnerability (GHSA-7hcf-ppf8-5w5h) - Windows
Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
SUSE CVE-2006-2759
jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
ch.qos.logback:logback-access (>=${parent.version} <=0.8), ch.qos.logback:logback-examples (>=0.6 <=0.8) +933 more potentially affected by CVE-2009-4611 via org.mortbay.jetty:jetty (>=6.0.0 <=6.1.22)
org.mortbay.jetty:jetty MAVEN version =6.0.0, =$parent.version, =0.6, =0.1.0, =0.2.2, =2.8.1, =3.4.0, =4.2.0, =1.4.42g, =4.2.1, =4.3.0, =4.3.0, =4.2.1, =4.5.1 and more Source cves: CVE-2009-4611 Source advisory: OSV:GHSA-6JXP-7G74-2RC3...
ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +4639 more potentially affected by CVE-2007-5613 via org.mortbay.jetty:jetty (>=6.0.0 <=6.1.5rc0)
org.mortbay.jetty:jetty MAVEN version =6.0.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.6.0, =3.20.0.2, =3.20.0.2, =3.20.0.2, =3.20.0.2, =3.8.3.3, =3.42.0.4 and more Source cves: CVE-2007-5613 Source advisory: OSV:GHSA-8H77-9VH5-HW5G...
Jetty < 9.4.39 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...
UBUNTU-CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of "quality" (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality...
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit
Exploit for hardware platform in category web applications Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...
Eclipse Jetty XSS Vulnerability (CVE-2019-17632) - Linux
Eclipse Jetty is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5852/info A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to execute attacker-specified commands...