9 matches found
tomcat security update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...
CVE-2025-42978
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...
Information disclosure
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests...
AlmaLinux 9 : libtiff (ALSA-2023:2340)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2340 advisory. - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access v...
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU October 2013
Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The products that are listed in the Affected product section are shipped with a versio...
Default configuration
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
CVE-2020-29005
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...
Security Bulletin: Potential information disclosure in WebSphere Application Server shipped with Jazz for Service Management (CVE-2018-1957)
Summary There is a potential information disclosure in WebSphere Application Server CVE-2018-1957 Vulnerability Details CVEID: CVE-2018-1957 DESCRIPTION: IBM WebSphere Application Server could allow sensitive information to be available caused by mishandling of data by the application based on an...
Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components
More info at https://framework.zend.com/security/advisory/ZF2013-02...