EUVD-2011-1306

Malware in sbrugna...

EUVD-2023-23384

Malicious code in bioql PyPI...

CVE-2023-1097

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party...

SUSE CVE-2023-46589

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

Apache Tomcat 9.0.0-M11 < 9.0.44 Request Smuggling

The version of Apache Tomcat installed on the remote host is 8.5.7 to 8.5.63 and 9.0.0-M11 to 9.0.43. It is, therefore, affected by a request smuggling vulnerability. Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported...

SUSE CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

GHSA-F4QF-M5GF-8JM8 Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue...

DEBIAN-CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

Apache Tomcat Information Disclosure Vulnerability (Jan 2024) - Linux

Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...

Oracle Linux 8 : tomcat (ELSA-2024-0125)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0125 advisory. - Open Redirect vulnerability in FORM authentication CVE-2023-41080 - FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 ...

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...

CVE-2023-33411

A web server in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive...

Directory traversal

A web server in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive...

CVE-2023-33412

The CVE-2023-33412 issue affects Supermicro X11 and M11-based devices with IPMI BMC. Firmware versions before 3.17.02 expose a vulnerability where remote authenticated users can execute arbitrary commands by sending crafted requests to vulnerable CGI endpoints. Impact is described as high for con...

PT-2023-24338 · Supermicro · Supermicro X11

Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions through 3.17.02 Description: The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated...

PT-2023-8803 · Supermicro · Supermicro X11

Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions prior to 3.17.02 Description: The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated users to execut...

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...

CVE-2023-33413

The PT-Security entry for CVE-2023-33413 details a flaw in Supermicro IPMI BMC on X11/M11 devices up to firmware 3.17.02. The root cause is hardcoded configuration file encryption keys used by the IPMI BMC config function, enabling remote authenticated users to craft/upload a malicious configurat...