5 matches found
SUSE-SU-2026:2675-1 Security update for tomcat
This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...
MGASA-2026-0139 Updated tomcat packages fix security vulnerability
Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...
CVE-2026-34090
The vulnerability CVE-2026-34090 affects Wikimedia Foundation CheckUser, versions 1.45.0 to 1.45.1. It exposes sensitive information to an unauthorized actor (confidentiality impact). No exploit details are provided in the connected documents. Remediation: upgrade to version 1.45.2 (per PT-2026-3...
CVE-2026-22665 prompts.chat Identity Confusion via Case-Sensitive Username Handling
prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...
Cisco Prime Infrastructure Elevation of Privilege Vulnerability
Cisco Prime Infrastructure is a wireless management solution through Cisco Prime LAN Management Solution and Cisco Prime Network Control System technologies. A security vulnerability exists in Cisco Prime Infrastructure, as the program stores case-sensitive usernames and performs case-sensitive...