Overview
Description
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.
Statistics
- 1 Post
Last activity: 8 hours ago
Overview
- Apache Software Foundation
- Apache Tomcat
17 Feb 2026
Published
11 Mar 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV
Description
Improper Input Validation vulnerability.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.
Tomcat did not validate that the host name provided via the SNI
extension was the same as the host name provided in the HTTP host header
field. If Tomcat was configured with more than one virtual host and the
TLS configuration for one of those hosts did not require client
certificate authentication but another one did, it was possible for a
client to bypass the client certificate authentication by sending
different host names in the SNI extension and the HTTP host header field.
The vulnerability only applies if client certificate authentication is
only enforced at the Connector. It does not apply if client certificate
authentication is enforced at the web application.
Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
- SUSE
- openSUSE Factory
- obs-scm-bridge
28 Nov 2024
Published
28 Nov 2024
Updated
CVSS v3.1
HIGH (7.3)
EPSS
0.02%
KEV
Description
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
Statistics
- 1 Post
- 1 Interaction
Last activity: 21 hours ago
Bluesky
Overview
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.
Statistics
- 1 Post
- 1 Interaction
Last activity: 21 hours ago
Bluesky
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
Statistics
- 1 Post
- 1 Interaction
Last activity: 21 hours ago
Bluesky
Overview
Description
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Statistics
- 1 Post
- 1 Interaction
Last activity: 21 hours ago