In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the ser ...

Continue Reading

September 12, 2022

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHea8Qw-Qb_GsBYWzFYkzJuRajsskOY6vuS1azRXfGLfWXNtq0qqTLhNvCyvh6G15V3K0wqCwnUqcWvf6gVBzHUh1MBVFc9tvsGnh_UBpx7rnXMoV4_bQL_p04bYI_kkVBGLJ-sh ...

Continue Reading

September 09, 2022

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6393 advisory. - jquery: Cross-site scripting due to imp ...

Continue Reading

September 08, 2022

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a co ...

Continue Reading

September 08, 2022

tomcat6 is vulnerable to command injection. Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sending a special ...

Continue Reading

September 07, 2022

## Summary IBM Rational Build Forge is affected by CVE-2021-42340. ## Vulnerability Details ** CVEID: **[CVE-2021-42340]() ** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused ...

Continue Reading

August 30, 2022

## Summary Watson Machine Learning Accelerator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22971) as it does not meet all of the following cri ...

Continue Reading

August 30, 2022

## Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. ## Vulnerability Details ** CVEID: **[CVE-2021-42340]() ** DESCRIPTION: **Apache Tomcat is vulnerable ...

Continue Reading

August 30, 2022