tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

JCS - Joomla Vulnerability Component Scanner

JCS Joomla Component Scanner made for penetration testing purpose on Joomla CMS JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a Crawler has been implemented to find components and component's link. This version supports...

OpenMPT and libopenmpt Denial of Service Vulnerabilities

OpenMPT is an open source audio processing program . libopenmpt is a cross-platform C and C++ based audio playback library . A security vulnerability exists in the soundlib/Sndfx.cpp file in OpenMPT versions prior to 1.27.07.00 and libopenmpt versions prior to 0.3.8. A remote attacker can exploit...

CVE-2018-10017

soundlib/Sndfx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service out-of-bounds read via an IT or MO3 file with many nested pattern loops...

CVE-2018-10017

soundlib/Sndfx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service out-of-bounds read via an IT or MO3 file with many nested pattern loops...

CVE-2018-10017

soundlib/Sndfx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service out-of-bounds read via an IT or MO3 file with many nested pattern loops...

CVE-2018-10017

soundlib/Sndfx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service out-of-bounds read via an IT or MO3 file with many nested pattern loops...

CVE-2018-10017

soundlib/Sndfx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service out-of-bounds read via an IT or MO3 file with many nested pattern loops...

CVE-2017-15837

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211PKTPATOFFSET is not defined which can lead to a buffer over-read in nlagetu32...

Information disclosure

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table PHT, aka BranchScope...

CVE-2018-9056

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table PHT, aka BranchScope...

CVE-2018-9056

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table PHT, aka BranchScope...

CVE-2018-9056

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table PHT, aka BranchScope...

Amazon Linux AMI : tomcat80 (ALAS-2018-973)

Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration : As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not...

Medium: tomcat80

Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...

Medium: tomcat7, tomcat8

Issue Overview: Late application of security constraints can lead to resource exposure for unauthorised users: Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the U...

Hardcoded credentials

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...

CVE-2017-17149

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...

CVE-2017-17149

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...