
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol, does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution.

The linuxptp packages provide a Precision Time Protocol implementation for Linux according to IEEE standard 1588. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces offered by the Linux kernel. For more details about the security issue, including the impact, a CVSS score, acknowledgments, ...

The linuxptp packages provide a Precision Time Protocol implementation for Linux according to IEEE standard 1588. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces offered by the Linux kernel. The following packages have been upgraded to a later upstream version: linuxptp. For more det ...

The host is installed with Apache Sshd 2.0.0 before 2.7.0 and is prone to a missing release of resource after effective lifetime vulnerability. A flaw is present in the application, which fails to properly handle the SFTP and port forwarding features. Successful exploitation allows remote attackers to overflow the server, causing an OutOfMemory error.

The host is installed with Apache Tomcat 8.5.64 or 9.0.44 or 10.0.3 through 10.0.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions during non-blocking I/O. Successful exploitation allows attackers to cause denial of service.

The host is installed with Apache Tomcat 10.0.0-M1 through 10.0.6, 9.0.0.M1 through 9.0.46 or 8.5.0 through 8.5.66 and is prone to an HTTP request smuggling vulnerability. A flaw is present in the application, which fails to properly parse the HTTP transfer-encoding request header in some circumstances. Successful exploitation could allow attackers to cause request smuggling via a reverse proxy.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.

tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfe ...



© SecPod Technologies