Lucene search

13 matches found

Veracode
added 2025/08/10 7:4 p.m., 3 views

Race Condition Vulnerability

Library name is vulnerable to race condition. The vulnerability is due to query cancellation during the Scan method execution, which allows an attacker to interfere with parallel queries and cause unexpected results or errors...

CVSS 7 | AI score 7 | EPSS 0.00073
Exploits 0 | References 8 | Affected Software 1

RedhatCVE
added 2025/05/22 9:45 p.m., 4 views

CVE-2022-47937

Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to conside...

CVSS 9.8 | AI score 6.7 | EPSS 0.00958
Exploits 0

OSV
added 2025/05/01 12:56 p.m., 4 views

CVE-2025-37756 net: tls: explicitly disallow disconnect

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago...

CVSS 5.5 | AI score 6.1 | EPSS 0.00024
Exploits 0 | References 13

Prion
added 2024/02/28 9:15 a.m., 14 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 commit 4dbc6a4ef06d "usb: typec: ucsi: save power data objects in PD mode" introduced retrieval of the PDOs when connected to a PD-capable source. But only the...

AI score 6.4 | EPSS 0.00039
Exploits 0 | References 4

Veracode
added 2023/05/17 2:13 a.m., 11 views

Improper Input Validation

org.apache.sling.commons.json is vulnerable to Improper Input Validation. The vulnerability exists because the library does not properly validate user inputs, which allows an attacker to trigger unexpected errors by supplying maliciously crafted input...

CVSS 9.8 | AI score 6.8 | EPSS 0.00958
Exploits 0 | References 7 | Affected Software 1

Prion
added 2023/05/15 10:15 a.m., 16 views

Input validation

UNSUPPORTED WHEN ASSIGNED Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer The...

CVSS 7.5 | AI score 9.4 | EPSS 0.00958
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2022/05/13 1:46 a.m., 30 views

Expected Behavior Violation in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8 | AI score 8.4 | EPSS 0.06144
Exploits 0 | References 29 | Affected Software 2

OSV
added 2022/05/13 1:46 a.m., 1 view

GHSA-9HG2-395J-83RM Expected Behavior Violation in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8 | AI score 7.2 | EPSS 0.06144
Exploits 0 | References 29

Veracode
added 2017/08/29 6:40 a.m., 10 views

Denial Of Service (DoS) Through Memory Consumption

apache-shiro is vulnerable to denial of service (DoS) attacks. The library does not catch unexpected errors in scheduled tasks, causing threads to run indefinitely without being terminated. This can lead to the application running out of memory and crashing...

AI score 6.4
Exploits 0

Prion
added 2017/04/17 4:59 p.m., 18 views

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 7.5 | AI score 9.1 | EPSS 0.06144
Exploits 0 | References 15 | Affected Software 1

UbuntuCve
added 2017/04/17 4:59 p.m., 21 views

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8 | AI score 7.2 | EPSS 0.06144
Exploits 0 | References 2

Debian CVE
added 2017/04/17 4:0 p.m., 29 views

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 9.8 | AI score 9.4 | EPSS 0.06144
Exploits 0

Veracode
added 2017/04/11 5:8 a.m., 26 views

Information Disclosure

tomcat-coyote is vulnerable to information disclosure. If the send file process completed quickly, it is possible for a processor to be added to the processor cache twice, resulting in the same process being reused for multiple requests. A malicious user could gain access to this processor to...

CVSS 9.8 | AI score 8.3 | EPSS 0.06144
Exploits 0 | References 16 | Affected Software 2