tomcat security update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...
CVE-2025-42978
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of the remote TLS server. This might lead to the outbound...
CVE-2024-9798 Health endpoint offers list of onboarded services to unauthenticated users
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers...
Information Exposure
github.com/schollz/croc is vulnerable to Information Exposure. The vulnerability is due to the case where an explicit IP isn't provided: the receiver prompts the sender for its local IP addresses using the ips? message. That triggers an unencrypted message exchange and the sender will send out...
Information disclosure
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests...
AlmaLinux 9 : libtiff (ALSA-2023:2340)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2340 advisory. - Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out of bounds memory access v...
PrestaShop has potential information exposure in the upload directory
Impact: Potential information exposure in the upload directory. Patches: Patched in PrestaShop 1.7.8.8. References: https://capec.mitre.org/data/definitions/87.html. Thanks to DZPATROL...
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU October 2013
Summary: Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details: The products that are listed in the Affected product section are shipped with a versio...
Default configuration
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
CVE-2021-32817 File disclosure in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary: Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational...
CVE-2020-29005
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...
SUSE-SU-2021:0022-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513)...
CVE-2020-35859
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption...
openSUSE Security Update : openssh (openSUSE-2020-2240)
This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). This update was imported from the SUSE:SLE-15-SP2:Update update project. © Tenable Network Security, Inc. The descriptive text and package checks in this...
Security Bulletin: Potential information disclosure in WebSphere Application Server shipped with Jazz for Service Management (CVE-2018-1957)
Summary: There is a potential information disclosure in WebSphere Application Server (CVE-2018-1957). Vulnerability Details: CVEID: CVE-2018-1957. DESCRIPTION: IBM WebSphere Application Server could allow sensitive information to be available caused by mishandling of data by the application based on an...
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
CVE-2017-1295
IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157...
Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components
More info at https://framework.zend.com/security/advisory/ZF2013-02...
FreeBSD : nginx -- potential information leak (29194cb8-6e9f-11e1-8376-f0def16c5c1b)
nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on a specially crafted response from an upstream server, potentially resulting in a sensitive information leak. © Tenable Network Securit...