Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61795 (GCVE-0-2025-61795)
Vulnerability from cvelistv5 – Published: 2025-10-27 17:30 – Updated: 2025-11-04 21:14
VLAI?
EPSS
Title
Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS
Summary
Improper Resource Shutdown or Release vulnerability in Apache Tomcat.
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.11
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.46 (semver) Affected: 9.0.0.M1 , ≤ 9.0.109 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
sw0rd1ight (https://github.com/sw0rd1ight)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T18:48:52.755946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:48:55.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:10.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.11",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.46",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.109",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "sw0rd1ight (https://github.com/sw0rd1ight)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Resource Shutdown or Release vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:37:45.872Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61795",
"datePublished": "2025-10-27T17:30:28.334Z",
"dateReserved": "2025-10-01T09:20:53.155Z",
"dateUpdated": "2025-11-04T21:14:10.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61795\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-10-27T18:15:44.200\",\"lastModified\":\"2025-11-14T16:53:33.300\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\\n\\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\\n\\n\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.100\",\"matchCriteriaId\":\"FF43D0D7-FBF3-4D7A-84C4-47B65A75A524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.110\",\"matchCriteriaId\":\"CA30BB96-A72D-42BA-9058-7ABBEB5560E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.27\",\"matchCriteriaId\":\"B30CA0D9-834D-4044-B03B-7E6E60A4B0E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.47\",\"matchCriteriaId\":\"E433C62E-73C1-443F-9C89-D0C2EDF13F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.12\",\"matchCriteriaId\":\"03C75BFF-9137-45AF-B5F4-99E2CBF1D3F4\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/10/27/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/10/27/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:14:10.512Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-27T18:48:52.755946Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-27T18:48:43.958Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"sw0rd1ight (https://github.com/sw0rd1ight)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.11\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.46\"}, {\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.109\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"unknown\", \"version\": \"3\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\\n\\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\\n\\n\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Resource Shutdown or Release vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"CWE-404 Improper Resource Shutdown or Release\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:37:45.872Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:14:10.512Z\", \"dateReserved\": \"2025-10-01T09:20:53.155Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-10-27T17:30:28.334Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
NCSC-2026-0022
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.
Interpretaties
De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-863
Incorrect Authorization
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-20
Improper Input Validation
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-116
Improper Encoding or Escaping of Output
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-123
Write-what-where Condition
CWE-125
Out-of-bounds Read
CWE-126
Buffer Over-read
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-252
Unchecked Return Value
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-393
Return of Wrong Status Code
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-407
Inefficient Algorithmic Complexity
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415
Double Free
CWE-416
Use After Free
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-789
Memory Allocation with Excessive Size Value
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2026-01-21T09:25:39.876330Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0022",
"initial_release_date": "2026-01-21T09:25:39.876330Z",
"revision_history": [
{
"date": "2026-01-21T09:25:39.876330Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Cloud Native Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications ASAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications BRM - Elastic Charging Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Element Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications IP Service Activator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Policy Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Report Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-46901",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-46901"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "other",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5987"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-9900"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-46727",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46727 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-46727"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49844",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49844 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-49844"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58098",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58098 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58098"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "description",
"text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64718 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-68161"
}
]
}
NCSC-2026-0020
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:18 - Updated: 2026-01-21 09:18Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit beïnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-125
Out-of-bounds Read
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-404
Improper Resource Shutdown or Release
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-863
Incorrect Authorization
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit be\u00efnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2026-01-21T09:18:16.268788Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0020",
"initial_release_date": "2026-01-21T09:18:16.268788Z",
"revision_history": [
{
"date": "2026-01-21T09:18:16.268788Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-50059"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-66516"
}
]
}
NCSC-2026-0021
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:19 - Updated: 2026-01-21 09:19Summary
Kwetsbaarheden verholpen in Oracle Database Server producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten.
Interpretaties
De kwetsbaarheden in Oracle Database Server stellen niet-geauthenticeerde aanvallers in staat om de integriteit en vertrouwelijkheid van gegevens te compromitteren. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige data en zelfs een mogelijke overname van de SQLcl-component.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-326
Inadequate Encryption Strength
CWE-347
Improper Verification of Cryptographic Signature
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404
Improper Resource Shutdown or Release
CWE-457
Use of Uninitialized Variable
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-862
Missing Authorization
CWE-908
Use of Uninitialized Resource
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle Database Server stellen niet-geauthenticeerde aanvallers in staat om de integriteit en vertrouwelijkheid van gegevens te compromitteren. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige data en zelfs een mogelijke overname van de SQLcl-component. ",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database Server producten",
"tracking": {
"current_release_date": "2026-01-21T09:19:00.000449Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0021",
"initial_release_date": "2026-01-21T09:19:00.000449Z",
"revision_history": [
{
"date": "2026-01-21T09:19:00.000449Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Core RDBMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Essbase"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Fleet Patching and Provisioning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "GoldenGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "GoldenGate Big Data and Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Goldengate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "GraalVM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Graph Server And Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Java Virtual Machine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "NoSQL Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle APEX Sample Applications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Graal Development Kit for Micronaut"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Zero Data Loss Recovery Appliance Software"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SQLcl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Secure Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Spatial and Graph"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-30065",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle NoSQL Database and Apache Parquet allow for significant security risks, including arbitrary code execution and database compromise, affecting versions 1.5 and 1.6 of Oracle NoSQL and 1.15.0 and earlier of Apache Parquet.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30065 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-30065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-30065"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-55039",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Spark versions prior to 4.0.0, 3.5.2, and 3.4.4 have a vulnerability due to insecure RPC encryption, while Oracle GoldenGate Stream Analytics versions 19.1.0.0.0-19.1.0.0.11 allow unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55039 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55039.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-55039"
},
{
"cve": "CVE-2025-59250",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "A vulnerability in Oracle GoldenGate\u0027s JDBC Driver for SQL Server (versions 21.3-21.20 and 23.4-23.10) allows unauthenticated attackers to exploit improper input validation, posing significant confidentiality and integrity risks with a CVSS score of 8.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59250 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59250.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-59250"
},
{
"cve": "CVE-2025-59419",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Netty\u0027s SMTP codec has a command injection vulnerability allowing email forgery, while Oracle GoldenGate Big Data and Application Adapters are susceptible to denial of service attacks by low-privileged users.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59419 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59419.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-59419"
},
{
"cve": "CVE-2025-61755",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle GraalVM for JDK and the GraalVM Multilingual Engine of Oracle Database Server allow unauthorized data access, with CVSS scores of 3.7 and 3.1, respectively.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61755 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-61755"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-65082",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions 2.4.0 to 2.4.65 expose systems to unauthorized data manipulation, denial of service, and sensitive information disclosure through various exploitation methods.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65082 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65082.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-65082"
},
{
"cve": "CVE-2025-66566",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "Multiple vulnerabilities in lz4-java (1.10.0 and earlier) and Oracle Essbase (21.8.0.0.0) allow unauthorized access and sensitive data disclosure due to insufficient buffer clearing and unauthenticated access, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66566 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66566.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-66566"
},
{
"cve": "CVE-2025-67735",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"title": "CWE-93"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The `io.netty.handler.codec.http.HttpRequestEncoder` is vulnerable to CRLF injection in the request URI, leading to request smuggling, while the Oracle Graal Development Kit for Micronaut has an exploitable vulnerability affecting specific versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-67735 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-67735.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-67735"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-21931",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle APEX Sample Applications allows low-privileged attackers to compromise applications, leading to unauthorized data access and modifications across several supported versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21931 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21931.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21931"
},
{
"cve": "CVE-2026-21939",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s SQLcl component (versions 23.4.0-23.26.0) allows unauthenticated attackers to compromise SQLcl with human interaction, rated with a CVSS 3.1 Base Score of 7.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21939 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21939.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21939"
},
{
"cve": "CVE-2026-21975",
"notes": [
{
"category": "description",
"text": "A vulnerability in the Java VM component of Oracle Database Server versions 19.3-19.29 and 21.3-21.20 allows high-privileged authenticated users to potentially cause a denial of service, with a CVSS score of 4.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21975 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21975"
},
{
"cve": "CVE-2026-21977",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Zero Data Loss Recovery Appliance Software (versions 23.1.0-23.1.202509) allows unauthenticated attackers to potentially gain unauthorized read access to data, with a CVSS score of 3.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21977.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2026-21977"
}
]
}
NCSC-2026-0025
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:55 - Updated: 2026-01-21 09:55Summary
Kwetsbaarheden verholpen in Oracle Financial Services
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle Banking Liquidity Management, Oracle Financial Services Model Management en Oracle FLEXCUBE.
Interpretaties
De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en Denial-of-Service (DoS) aan te richten. Dit kan leiden tot vertrouwelijkheids- en integriteitsrisico's. Specifieke kwetsbaarheden omvatten onjuist beheer van verbindingen en onvoldoende invoervalidatie wat kan resulteren in systeemcompromittering en serviceonderbrekingen.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-125
Out-of-bounds Read
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-287
Improper Authentication
CWE-289
Authentication Bypass by Alternate Name
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-521
Weak Password Requirements
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle Banking Liquidity Management, Oracle Financial Services Model Management en Oracle FLEXCUBE.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en Denial-of-Service (DoS) aan te richten. Dit kan leiden tot vertrouwelijkheids- en integriteitsrisico\u0027s. Specifieke kwetsbaarheden omvatten onjuist beheer van verbindingen en onvoldoende invoervalidatie wat kan resulteren in systeemcompromittering en serviceonderbrekingen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Financial Services",
"tracking": {
"current_release_date": "2026-01-21T09:55:33.889125Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0025",
"initial_release_date": "2026-01-21T09:55:33.889125Z",
"revision_history": [
{
"date": "2026-01-21T09:55:33.889125Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Banking Branch"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Banking Cash Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Banking Corporate Lending Process Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Banking Liquidity Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Banking Supply Chain Finance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle FLEXCUBE Investor Servicing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle FLEXCUBE Universal Banking"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Compliance Studio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Insurance Policy Administration J2EE"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "other",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across Oracle and NetApp products, including critical issues in Oracle Banking Liquidity Management and Spring Security flaws affecting sensitive data integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22228 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22228.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle products allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for several Oracle systems.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48795",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle\u0027s Primavera P6 and WebCenter Forms Recognition, along with an Apache CXF bug and issues in HPE Telco Service Activator, expose systems to unauthorized data access and potential denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48795"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2026-21973",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0, 14.7.0.8.0, and 14.8.0.1.0 allows low privileged attackers to exploit it via HTTP, leading to unauthorized access and modification of critical data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21973 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21973.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-21973"
},
{
"cve": "CVE-2026-21978",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle FLEXCUBE Universal Banking (versions 14.0.0.0.0-14.8.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, rated with a CVSS 3.1 Base Score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21978 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21978.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-21978"
}
]
}
RHSA-2025:19809
Vulnerability from csaf_redhat - Published: 2025-11-06 16:32 - Updated: 2025-12-16 19:11Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update
Notes
Topic
Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security Fix(es):
* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)
* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)\n* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19809",
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "JWS-3618",
"url": "https://issues.redhat.com/browse/JWS-3618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19809.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update",
"tracking": {
"current_release_date": "2025-12-16T19:11:21+00:00",
"generator": {
"date": "2025-12-16T19:11:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:19809",
"initial_release_date": "2025-11-06T16:32:43+00:00",
"revision_history": [
{
"date": "2025-11-06T16:32:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T15:57:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-16T19:11:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1 for RHEL 10",
"product": {
"name": "Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el10"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1 for RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el10jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:32:43+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:32:43+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:32:43+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:23050
Vulnerability from csaf_redhat - Published: 2025-12-10 14:45 - Updated: 2025-12-16 19:11Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
An update for tomcat is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23050",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23050.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-12-16T19:11:28+00:00",
"generator": {
"date": "2025-12-16T19:11:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:23050",
"initial_release_date": "2025-12-10T14:45:33+00:00",
"revision_history": [
{
"date": "2025-12-10T14:45:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:45:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-16T19:11:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-3.el10_1.1.src",
"product": {
"name": "tomcat-1:10.1.36-3.el10_1.1.src",
"product_id": "tomcat-1:10.1.36-3.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-3.el10_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-3.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src"
},
"product_reference": "tomcat-1:10.1.36-3.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:19810
Vulnerability from csaf_redhat - Published: 2025-11-06 16:24 - Updated: 2025-12-16 19:11Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update
Notes
Topic
Red Hat JBoss Web Server 6.1.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security Fix(es):
* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)
* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.1.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)\n* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19810",
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19810.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update",
"tracking": {
"current_release_date": "2025-12-16T19:11:22+00:00",
"generator": {
"date": "2025-12-16T19:11:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:19810",
"initial_release_date": "2025-11-06T16:24:24+00:00",
"revision_history": [
{
"date": "2025-11-06T16:24:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T15:57:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-16T19:11:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1.3",
"product": {
"name": "Red Hat JBoss Web Server 6.1.3",
"product_id": "Red Hat JBoss Web Server 6.1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.1.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:24:24+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.1.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:24:24+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.1.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:24:24+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:23051
Vulnerability from csaf_redhat - Published: 2025-12-10 14:38 - Updated: 2025-12-16 19:11Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23051",
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23051.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-12-16T19:11:28+00:00",
"generator": {
"date": "2025-12-16T19:11:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:23051",
"initial_release_date": "2025-12-10T14:38:53+00:00",
"revision_history": [
{
"date": "2025-12-10T14:38:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:38:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-16T19:11:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-1.el10_0.3.src",
"product": {
"name": "tomcat-1:10.1.36-1.el10_0.3.src",
"product_id": "tomcat-1:10.1.36-1.el10_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-1.el10_0.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-1.el10_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src"
},
"product_reference": "tomcat-1:10.1.36-1.el10_0.3.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
WID-SEC-W-2025-2420
Vulnerability from csaf_certbund - Published: 2025-10-27 23:00 - Updated: 2026-01-07 23:00Summary
Apache Tomcat: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2420 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2420.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2420 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"category": "external",
"summary": "PoC CVE-2025-55752 vom 2025-10-28",
"url": "https://github.com/TAM-K592/CVE-2025-55752"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19810 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19809 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15718-1 vom 2025-11-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W6PIRHQGOVWPZCOQCITPWJOJF46KPRH3/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15716-1 vom 2025-11-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUHQUF6GI6WNIB2OLHZWSVMV36C2EJIC/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3067 vom 2025-11-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3067.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-023 vom 2025-11-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-023.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4086-1 vom 2025-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023270.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250971 vom 2025-11-12",
"url": "https://www.ibm.com/support/pages/node/7250971"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4103-1 vom 2025-11-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023281.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251634 vom 2025-11-18",
"url": "https://www.ibm.com/support/pages/node/7251634"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4159-1 vom 2025-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4184-1 vom 2025-11-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023318.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025-20106-1 vom 2025-11-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FPPZ6FSW6UKHPCGEBSEZ2WIKZC77TX7I/"
},
{
"category": "external",
"summary": "Camunda Security Notices vom 2025-12-01",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22924 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22925 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23050 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23049 vom 2025-12-11",
"url": "https://errata.build.resf.org/RLSA-2025:23049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23044 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23045 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23046 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23047 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23048 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23049 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23052 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23051 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23053 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21152-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023508.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23050 vom 2025-12-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-23050.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23052 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23052.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23049 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23049.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23048 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23048.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23050 vom 2025-12-12",
"url": "https://errata.build.resf.org/RLSA-2025:23050"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23052 vom 2025-12-12",
"url": "https://errata.build.resf.org/RLSA-2025:23052"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23048 vom 2025-12-13",
"url": "https://errata.build.resf.org/RLSA-2025:23048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23225 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0293 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0292 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-07T23:00:00.000+00:00",
"generator": {
"date": "2026-01-08T08:12:48.876+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2420",
"initial_release_date": "2025-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2025-55752 aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und IBM aufgenommen"
},
{
"date": "2025-11-16T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-27T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat, Rocky Enterprise Software Foundation, SUSE und Oracle Linux aufgenommen"
},
{
"date": "2025-12-11T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.47",
"product": {
"name": "Apache Tomcat \u003c10.1.47",
"product_id": "T048171"
}
},
{
"category": "product_version",
"name": "10.1.47",
"product": {
"name": "Apache Tomcat 10.1.47",
"product_id": "T048171-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.47"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.12",
"product": {
"name": "Apache Tomcat \u003c11.0.12",
"product_id": "T048172"
}
},
{
"category": "product_version",
"name": "11.0.12",
"product": {
"name": "Apache Tomcat 11.0.12",
"product_id": "T048172-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.110",
"product": {
"name": "Apache Tomcat \u003c9.0.110",
"product_id": "T048173"
}
},
{
"category": "product_version",
"name": "9.0.110",
"product": {
"name": "Apache Tomcat 9.0.110",
"product_id": "T048173-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.110"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for z/OS \t10.1.0.0-10.1.0.6",
"product": {
"name": "IBM Integration Bus for z/OS \t10.1.0.0-10.1.0.6",
"product_id": "T048665",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:for_zos_10.1.0.0_-_10.1.0.6"
}
}
}
],
"category": "product_name",
"name": "Integration Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP14 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP14 IF01",
"product_id": "T048556"
}
},
{
"category": "product_version",
"name": "7.5.0 UP14 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP14 IF01",
"product_id": "T048556-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up14_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.24.1",
"product": {
"name": "Open Source Camunda \u003c7.24.1",
"product_id": "T048978"
}
},
{
"category": "product_version",
"name": "7.24.1",
"product": {
"name": "Open Source Camunda 7.24.1",
"product_id": "T048978-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.24.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.23.7",
"product": {
"name": "Open Source Camunda \u003c7.23.7",
"product_id": "T048979"
}
},
{
"category": "product_version",
"name": "7.23.7",
"product": {
"name": "Open Source Camunda 7.23.7",
"product_id": "T048979-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.23.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.22.10",
"product": {
"name": "Open Source Camunda \u003c7.22.10",
"product_id": "T048980"
}
},
{
"category": "product_version",
"name": "7.22.10",
"product": {
"name": "Open Source Camunda 7.22.10",
"product_id": "T048980-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.22.10"
}
}
}
],
"category": "product_name",
"name": "Camunda"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server",
"product": {
"name": "Red Hat JBoss Web Server",
"product_id": "T003426",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.8.6",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.8.6",
"product_id": "T049206"
}
},
{
"category": "product_version",
"name": "5.8.6",
"product": {
"name": "Red Hat JBoss Web Server 5.8.6",
"product_id": "T049206-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8.6"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise Server \u003c12 SP5 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server \u003c12 SP5 LTSS",
"product_id": "T048861"
}
},
{
"category": "product_version",
"name": "Enterprise Server 12 SP5 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product_id": "T048861-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:enterprise_server__12_sp5_ltss"
}
}
}
],
"category": "product_name",
"name": "Linux"
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"product_status": {
"known_affected": [
"T048171",
"67646",
"T048173",
"T048172",
"T003426",
"T004914",
"T032255",
"T048979",
"T048978",
"T002207",
"T027843",
"T048861",
"398363",
"T048980",
"T049206",
"T048556",
"T048665"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"product_status": {
"known_affected": [
"T048171",
"67646",
"T048173",
"T048172",
"T003426",
"T004914",
"T032255",
"T048979",
"T048978",
"T002207",
"T027843",
"T048861",
"398363",
"T048980",
"T049206",
"T048556",
"T048665"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"product_status": {
"known_affected": [
"T048171",
"67646",
"T048173",
"T048172",
"T003426",
"T004914",
"T032255",
"T048979",
"T048978",
"T002207",
"T027843",
"T048861",
"398363",
"T048980",
"T049206",
"T048556",
"T048665"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-61795"
}
]
}
CERTFR-2025-AVI-0967
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49 | ||
| VMware | Tanzu Platform | Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1 | ||
| VMware | Tanzu Platform | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Platform | Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Platform | .NET Core Buildpack versions antérieures à 2.4.64 | ||
| VMware | Tanzu Platform | VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4 | ||
| VMware | Tanzu Platform | CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7 | ||
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.8 | ||
| VMware | Tanzu Platform | Go Buildpack versions antérieures à 1.10.57 | ||
| VMware | Tanzu Platform | VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Platform | NodeJS Buildpack versions antérieures à 1.8.61 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0 | ||
| VMware | Tanzu Platform | Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11 | ||
| VMware | Tanzu Platform | IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-7409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2024-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-3447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-4467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0967",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
}
]
}
CERTFR-2025-AVI-0967
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49 | ||
| VMware | Tanzu Platform | Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1 | ||
| VMware | Tanzu Platform | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Platform | Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Platform | .NET Core Buildpack versions antérieures à 2.4.64 | ||
| VMware | Tanzu Platform | VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4 | ||
| VMware | Tanzu Platform | CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7 | ||
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.8 | ||
| VMware | Tanzu Platform | Go Buildpack versions antérieures à 1.10.57 | ||
| VMware | Tanzu Platform | VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Platform | NodeJS Buildpack versions antérieures à 1.8.61 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0 | ||
| VMware | Tanzu Platform | Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11 | ||
| VMware | Tanzu Platform | IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-7409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2024-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-3447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-4467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0967",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
}
]
}
CERTFR-2025-AVI-1129
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.11 | ||
| VMware | Tanzu Platform | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.1 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.3.2 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.2.6+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | .NET Core Buildpack versions antérieures à 2.4.72 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.23+LTS-T |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.6+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.72",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.23+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3573"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-27111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27111"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-3044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3044"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2020-7792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7792"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25184"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-12194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12194"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36626"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36633",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36633"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36630",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36630"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36631",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36631"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36629"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36632",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36632"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36627"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36628"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36625",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36625"
}
]
}
CERTFR-2025-AVI-1036
Vulnerability from certfr_avis - Published: 2025-11-24 - Updated: 2025-11-24
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | App Metrics versions antérieures à 2.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.954.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.126.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Platform Services | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Metric Store versions antérieures à 1.8.1 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu | VMware Tanzu pour Postgres on Tanzu Platform versions antérieures à 10.2.1 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.954.x | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Windows) versions antérieures à 2019.92.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.954.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "App Metrics versions ant\u00e9rieures \u00e0 2.3.2",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.126.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Platform Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Metric Store versions ant\u00e9rieures \u00e0 1.8.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Postgres on Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.92.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-13425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13425"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-59530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-40300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2025-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5981"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-24T00:00:00",
"last_revision_date": "2025-11-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1036",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36513",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36513"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36530",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36530"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36512",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36512"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36526",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36526"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36511",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36511"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36525",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36525"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36516",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36516"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36527",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36527"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36536",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36536"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36519",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36519"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36518",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36518"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36524",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36524"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36521",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36521"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36528",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36528"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36522",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36522"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36514",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36514"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36532",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36532"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36509",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36509"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36517",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36517"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36533",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36533"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36537",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36537"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36531",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36531"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36510",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36510"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36523",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36523"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36515",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36515"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36529",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36529"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36534",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36534"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36535",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36535"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36520",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36520"
}
]
}
CERTFR-2025-AVI-0969
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.90.x | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.58 | ||
| VMware | Tanzu Kubernetes Runtime | Python Buildpack versions antérieures à 1.8.63 | ||
| VMware | Tanzu Kubernetes Runtime | VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Kubernetes Runtime | API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | Tanzu Kubernetes Runtime | PHP Buildpack versions antérieures à 4.6.49 | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x | ||
| VMware | Tanzu Application Service | CredHub Service Broker versions antérieures à 1.6.6 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.77.x | ||
| VMware | Services Suite | Platform Automation Toolkit versions antérieures à 5.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9 | ||
| VMware | Tanzu Kubernetes Runtime | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9 | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Ruby Buildpack versions antérieures à 1.10.46 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.103.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GenAI sur Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.90.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.58",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.63",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour MySQL sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "API Gateway pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.49",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.14",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Service Broker versions ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.13",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.77.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.3.2",
"product": {
"name": "Services Suite",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow pour VMware Tanzu versions ant\u00e9rieures \u00e0 1.14.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services pour VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.10",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Concourse pour VMware Tanzu versions ant\u00e9rieures \u00e0 7.14.1+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Ruby Buildpack versions ant\u00e9rieures \u00e0 1.10.46",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.103.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2022-25308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25308"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-27102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27102"
},
{
"name": "CVE-2022-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2017-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6834"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3428"
},
{
"name": "CVE-2021-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3933"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
},
{
"name": "CVE-2021-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23215"
},
{
"name": "CVE-2022-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1115"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21798"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2023-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3195"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2021-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20243"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2014-9157",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9157"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2021-26260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26260"
},
{
"name": "CVE-2023-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0922"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2017-18250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18250"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-40002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40002"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2020-27769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27769"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2014-9748",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9748"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2022-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1623"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-38829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38829"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2017-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6831"
},
{
"name": "CVE-2024-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58034"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2023-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38471"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2020-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27776"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21743"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2023-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34475"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12380"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2022-2929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2929"
},
{
"name": "CVE-2018-15120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15120"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4287"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3605"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2017-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10928"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2017-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12429"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2023-2157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2157"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-58082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58082"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2023-24757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31683"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2017-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6832"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2024-45720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45720"
},
{
"name": "CVE-2022-1056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1056"
},
{
"name": "CVE-2018-10805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10805"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2020-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15095"
},
{
"name": "CVE-2018-16328",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16328"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5745"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2022-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2022-32546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32546"
},
{
"name": "CVE-2025-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0838"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2025-55553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55553"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2021-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4219"
},
{
"name": "CVE-2018-15798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15798"
},
{
"name": "CVE-2025-55154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55154"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2017-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11447"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2023-39593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39593"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-46569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46569"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2018-14434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14434"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2021-3468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3468"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-58061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58061"
},
{
"name": "CVE-2025-46148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46148"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2149"
},
{
"name": "CVE-2021-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3502"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2018-16329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16329"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58056"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2024-43790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43790"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2025-21727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21727"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2021-20312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20312"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2023-52593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52593"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2023-26785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26785"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3000"
},
{
"name": "CVE-2022-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3213"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2025-38500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38500"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8961"
},
{
"name": "CVE-2025-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21977"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-38203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38203"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2022-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0909"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2023-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38633"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2021-46312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46312"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2019-6461",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6461"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2022-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2023-45922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45922"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2025-40004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40004"
},
{
"name": "CVE-2017-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7619"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-24070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2019-17547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17547"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2021-36411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2018-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10919"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-53014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53014"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2018-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10804"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2022-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0907"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3670"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2020-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25663"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58057"
},
{
"name": "CVE-2025-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0306"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2023-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1355"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37967"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2025-55560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55560"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-59842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59842"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-27766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27766"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2024-58078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58078"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2023-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34153"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2020-14153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14153"
},
{
"name": "CVE-2022-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1114"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2011-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2207"
},
{
"name": "CVE-2025-54874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21830"
},
{
"name": "CVE-2018-12600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12600"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-9340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9340"
},
{
"name": "CVE-2023-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2016-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7531"
},
{
"name": "CVE-2006-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3082"
},
{
"name": "CVE-2023-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5341"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3262"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2016-10062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10062"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2023-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34152"
},
{
"name": "CVE-2022-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2022-43242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2019-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14844"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21982"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21828"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2022-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0865"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2016-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7514"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2025-9092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9092"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2021-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3598"
},
{
"name": "CVE-2025-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21880"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-55197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55197"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55558"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21809"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2021-32490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32490"
},
{
"name": "CVE-2020-27768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27768"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2016-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5118"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-46045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46045"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-55557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55557"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2999"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2021-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2020-10251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10251"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2020-18781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18781"
},
{
"name": "CVE-2025-7709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7709"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-9640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2017-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6829"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21911"
},
{
"name": "CVE-2023-24752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2018-9133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9133"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2021-36410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2024-58003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58003"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21741"
},
{
"name": "CVE-2020-18032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18032"
},
{
"name": "CVE-2017-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6833"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-58076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58076"
},
{
"name": "CVE-2023-24751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21720"
},
{
"name": "CVE-2025-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"
},
{
"name": "CVE-2015-7747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7747"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2025-55004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55004"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2023-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21711"
},
{
"name": "CVE-2025-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2998"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2021-20313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20313"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2023-45913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45913"
},
{
"name": "CVE-2018-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13153"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2023-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34474"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38227"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2021-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45931"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2021-28544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2025-32728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32728"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2021-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44964"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2018-14437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14437"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2021-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3596"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2024-57883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2017-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6830"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-21748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21748"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2021-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46310"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2020-14152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14152"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9390"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2019-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9904"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1981"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-2231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2231"
},
{
"name": "CVE-2025-46150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46150"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2023-28120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2020-35492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35492"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2023-1289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1289"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-9341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9341"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2018-16412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16412"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2019-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6462"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2021-32493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32493"
},
{
"name": "CVE-2023-24754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
},
{
"name": "CVE-2020-29509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29509"
},
{
"name": "CVE-2023-5568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5568"
},
{
"name": "CVE-2023-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38470"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2025-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38237"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2024-57990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57990"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-49582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-32491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32491"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0924"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2022-33068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33068"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38206"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2016-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20012"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2019-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3792"
},
{
"name": "CVE-2022-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40017"
},
{
"name": "CVE-2023-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45919"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2018-15607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15607"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3001"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-32545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32545"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-21820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21820"
},
{
"name": "CVE-2017-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6838"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-41817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41817"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6835"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2024-57997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57997"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-31782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31782"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2022-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2025-53019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53019"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53367"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2021-45942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45942"
},
{
"name": "CVE-2022-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2021-20246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20246"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2023-24755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-21804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21804"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2017-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6837"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-22011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22011"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
},
{
"name": "CVE-2023-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0614"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2020-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21606"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38617"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2148"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2023-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38469"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2016-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5841"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53101"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2022-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44267"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2019-8321",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8321"
},
{
"name": "CVE-2025-21826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21826"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2025-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46393"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2021-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0561"
},
{
"name": "CVE-2018-12599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12599"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2022-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1587"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0284"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2024-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58016"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21903"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1667"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2022-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
},
{
"name": "CVE-2025-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3121"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-46149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46149"
},
{
"name": "CVE-2021-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26945"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-46152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46152"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28463"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2018-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3779"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1355"
},
{
"name": "CVE-2025-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47291"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21810"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2021-24031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24031"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-46153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46153"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"name": "CVE-2021-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38115"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2021-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20309"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38472"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2017-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12643"
},
{
"name": "CVE-2024-57953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57953"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2021-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26720"
},
{
"name": "CVE-2025-54801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54801"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2023-24756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2016-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4074"
},
{
"name": "CVE-2024-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0746"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2022-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33099"
},
{
"name": "CVE-2023-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45931"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26775"
},
{
"name": "CVE-2022-25309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25309"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-55212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55212"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2022-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32547"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2018-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11655"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2928"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-57803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57803"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2020-29511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29511"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21742"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2017-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16231"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2017-9409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9409"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2024-43168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-46901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46901"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-43167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2021-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40211"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2020-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0499"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3136"
},
{
"name": "CVE-2025-55160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55160"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2022-48703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30699"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2023-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2426"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2021-20176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20176"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-55298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55298"
},
{
"name": "CVE-2022-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-43965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43965"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2021-36408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"name": "CVE-2017-18253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18253"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2021-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3610"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2022-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38473"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-52099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52099"
},
{
"name": "CVE-2023-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43887"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2022-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2598"
},
{
"name": "CVE-2020-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27829"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2017-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6839"
},
{
"name": "CVE-2023-1906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1906"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-47471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47471"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2022-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1771"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2021-32492",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32492"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-55005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55005"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-40015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40015"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2025-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21829"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2018-16645",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16645"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-40007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40007"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-38273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38273"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2022-2719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2719"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2023-34151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34151"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2021-43809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43809"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2015-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1606"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2023-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3896"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2020-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21599"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39978"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2021-20311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20311"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2021-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20241"
},
{
"name": "CVE-2017-12674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12674"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-62171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62171"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2025-50950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50950"
},
{
"name": "CVE-2020-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21605"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2017-1000476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000476"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2015-8863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8863"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2018-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11656"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2018-19876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19876"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-20310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20310"
},
{
"name": "CVE-2021-20245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20245"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2023-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2025-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38204"
},
{
"name": "CVE-2021-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40812"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2018-9135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9135"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2021-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2017-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12433"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2021-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3574"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-58006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58006"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21815"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2017-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6836"
},
{
"name": "CVE-2021-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3500"
},
{
"name": "CVE-2022-25310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25310"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2025-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57807"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2024-58080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58080"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31498"
},
{
"name": "CVE-2022-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30698"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2021-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20244"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-11411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3941"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0969",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36320",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36320"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36423",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36423"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36364"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36351"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36424",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36424"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36412",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36412"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36388",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36388"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36426",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36426"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36411",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36411"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36357",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36357"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36408",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36408"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36349",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36349"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36414",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36414"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36397",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36397"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36389",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36389"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36398",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36398"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36380",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36380"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36407"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36362",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36362"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36413",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36413"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36384",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36384"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36379",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36379"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36400",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36400"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36377",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36377"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36368",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36368"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36418",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36418"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36420",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36420"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36391",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36391"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36392",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36392"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36353",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36353"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-14",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36356"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36422",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36422"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36381",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36381"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36421",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36421"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36416",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36416"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-86",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36415"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36403",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36403"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36347",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36347"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36383",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36383"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36410",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36410"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36352",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36352"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36394",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36394"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36354",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36354"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36399",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36399"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36350"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36419",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36419"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-85",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36401"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36365"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36405"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36367"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36395",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36395"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36387",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36387"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36363",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36363"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36385",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36385"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36409",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36409"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36359"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36348",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36348"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36386",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36386"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36417",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36417"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36425",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36425"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36366"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36360"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36355",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36355"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36358"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36396",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36396"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36378",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36378"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36382",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36382"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36404"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36361"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36402",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36402"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36393",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36393"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36406",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36406"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36390"
}
]
}
CERTFR-2025-AVI-0933
Vulnerability from certfr_avis - Published: 2025-10-28 - Updated: 2025-10-28
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.12",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.47",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.110",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.12",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.110",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.47",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
}
]
}
CERTFR-2025-AVI-0933
Vulnerability from certfr_avis - Published: 2025-10-28 - Updated: 2025-10-28
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.12",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.47",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.110",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.12",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.110",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.47",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
}
]
}
CERTFR-2025-AVI-1013
Vulnerability from certfr_avis - Published: 2025-11-14 - Updated: 2025-11-14
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | AIX versions 7.2.5 sans le correctif de sécurité IJ55968 SP11 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.2.0 sans le correctif de sécurité PH68819 | ||
| IBM | QRadar | QRadar Network Packet Capture versions 7.5.x antérieures à QRadar Network Packet Capture 7.5.0 Update Package 14 | ||
| IBM | AIX | AIX versions 7.3.2 sans le correctif de sécurité IJ56113 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.1 sans le correctif de sécurité PH68819 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.0.0 sans le correctif de sécurité PH68266 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité 9.0.5.27 | ||
| IBM | Sterling | Sterling Transformation Extender versions 10.1.1.1 sans le correctif de sécurité PH68266 | ||
| IBM | Db2 | Db2 versions 11.5.x sans le dernier correctif de sécurité | ||
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager versions 7.3.x à 7.3.0.12 sans le correctif de sécurité efix_CVE-2025-48976_FP12250331.zip | ||
| IBM | N/A | QRadar DNS Analyzer App versions antérieures à 2.0.4 | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.3 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.11 sans le correctif de sécurité 25.0.0.12 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans le correctif de sécurité 8.5.5.29 | ||
| IBM | AIX | AIX versions 7.3.1 sans le correctif de sécurité IJ56230 | ||
| IBM | Cognos Analytics | Cognos Analytics Certified Containers versions 1.2.1.x antérieures à 12.1.1 | ||
| IBM | Sterling | Sterling Transformation Extender versions 10.1.2.1 sans le correctif de sécurité PH68266 | ||
| IBM | Db2 | Db2 versions 11.1.x sans le dernier correctif de sécurité | ||
| IBM | Sterling | Sterling Transformation Extender versions 10.1.0.2 sans le correctif de sécurité PH68266 | ||
| IBM | AIX | AIX versions 7.3.3 sans le correctif de sécurité IJ55897 SP2 | ||
| IBM | Storage Protect | Storage Protect Operations Center versions 8.1.x antérieures à 8.1.27.100 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5 à 7.5.0 IP14 sans les correctif de sécurité QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AIX versions 7.2.5 sans le correctif de s\u00e9curit\u00e9 IJ55968 SP11",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH68819",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 QRadar Network Packet Capture 7.5.0 Update Package 14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.2 sans le correctif de s\u00e9curit\u00e9 IJ56113",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 PH68819",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 9.0.5.27",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager versions 7.3.x \u00e0 7.3.0.12 sans le correctif de s\u00e9curit\u00e9 efix_CVE-2025-48976_FP12250331.zip",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.3 sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.11 sans le correctif de s\u00e9curit\u00e9 25.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x sans le correctif de s\u00e9curit\u00e9 8.5.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.1 sans le correctif de s\u00e9curit\u00e9 IJ56230",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Certified Containers versions 1.2.1.x ant\u00e9rieures \u00e0 12.1.1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.1.x sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.3 sans le correctif de s\u00e9curit\u00e9 IJ55897 SP2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.27.100",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5 \u00e0 7.5.0 IP14 sans les correctif de s\u00e9curit\u00e9 QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs ",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2025-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-36236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36236"
},
{
"name": "CVE-2025-49812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
},
{
"name": "CVE-2025-39757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2024-49350",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
},
{
"name": "CVE-2025-36251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36251"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-36250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36250"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-38527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
},
{
"name": "CVE-2025-38449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2025-39730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
},
{
"name": "CVE-2025-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2020-16971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16971"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2024-56347",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56347"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49985"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
},
{
"name": "CVE-2025-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-47252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-36096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36096"
},
{
"name": "CVE-2025-3050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
},
{
"name": "CVE-2025-38718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
},
{
"name": "CVE-2025-38392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
},
{
"name": "CVE-2023-53373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
},
{
"name": "CVE-2024-52903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-56346",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56346"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
},
{
"name": "CVE-2022-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
},
{
"name": "CVE-2025-40928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40928"
},
{
"name": "CVE-2022-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50087"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-49630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-33150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33150"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-47619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
}
],
"initial_release_date": "2025-11-14T00:00:00",
"last_revision_date": "2025-11-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250959",
"url": "https://www.ibm.com/support/pages/node/7250959"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249983",
"url": "https://www.ibm.com/support/pages/node/7249983"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250785",
"url": "https://www.ibm.com/support/pages/node/7250785"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249992",
"url": "https://www.ibm.com/support/pages/node/7249992"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249994",
"url": "https://www.ibm.com/support/pages/node/7249994"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250921",
"url": "https://www.ibm.com/support/pages/node/7250921"
},
{
"published_at": "2025-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250486",
"url": "https://www.ibm.com/support/pages/node/7250486"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250907",
"url": "https://www.ibm.com/support/pages/node/7250907"
},
{
"published_at": "2025-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250395",
"url": "https://www.ibm.com/support/pages/node/7250395"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250956",
"url": "https://www.ibm.com/support/pages/node/7250956"
},
{
"published_at": "2025-11-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250763",
"url": "https://www.ibm.com/support/pages/node/7250763"
},
{
"published_at": "2025-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
"url": "https://www.ibm.com/support/pages/node/7250474"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250971",
"url": "https://www.ibm.com/support/pages/node/7250971"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250926",
"url": "https://www.ibm.com/support/pages/node/7250926"
},
{
"published_at": "2025-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7251173",
"url": "https://www.ibm.com/support/pages/node/7251173"
}
]
}
CERTFR-2025-AVI-0969
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.90.x | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.58 | ||
| VMware | Tanzu Kubernetes Runtime | Python Buildpack versions antérieures à 1.8.63 | ||
| VMware | Tanzu Kubernetes Runtime | VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Kubernetes Runtime | API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | Tanzu Kubernetes Runtime | PHP Buildpack versions antérieures à 4.6.49 | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x | ||
| VMware | Tanzu Application Service | CredHub Service Broker versions antérieures à 1.6.6 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.77.x | ||
| VMware | Services Suite | Platform Automation Toolkit versions antérieures à 5.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9 | ||
| VMware | Tanzu Kubernetes Runtime | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9 | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Ruby Buildpack versions antérieures à 1.10.46 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.103.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GenAI sur Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.90.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.58",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.63",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour MySQL sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "API Gateway pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.49",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.14",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Service Broker versions ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.13",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.77.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.3.2",
"product": {
"name": "Services Suite",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow pour VMware Tanzu versions ant\u00e9rieures \u00e0 1.14.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services pour VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.10",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Concourse pour VMware Tanzu versions ant\u00e9rieures \u00e0 7.14.1+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Ruby Buildpack versions ant\u00e9rieures \u00e0 1.10.46",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.103.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2022-25308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25308"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-27102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27102"
},
{
"name": "CVE-2022-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2017-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6834"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3428"
},
{
"name": "CVE-2021-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3933"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
},
{
"name": "CVE-2021-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23215"
},
{
"name": "CVE-2022-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1115"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21798"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2023-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3195"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2021-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20243"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2014-9157",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9157"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2021-26260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26260"
},
{
"name": "CVE-2023-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0922"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2017-18250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18250"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-40002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40002"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2020-27769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27769"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2014-9748",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9748"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2022-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1623"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-38829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38829"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2017-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6831"
},
{
"name": "CVE-2024-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58034"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2023-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38471"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2020-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27776"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21743"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2023-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34475"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12380"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2022-2929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2929"
},
{
"name": "CVE-2018-15120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15120"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4287"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3605"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2017-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10928"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2017-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12429"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2023-2157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2157"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-58082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58082"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2023-24757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31683"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2017-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6832"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2024-45720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45720"
},
{
"name": "CVE-2022-1056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1056"
},
{
"name": "CVE-2018-10805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10805"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2020-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15095"
},
{
"name": "CVE-2018-16328",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16328"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5745"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2022-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2022-32546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32546"
},
{
"name": "CVE-2025-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0838"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2025-55553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55553"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2021-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4219"
},
{
"name": "CVE-2018-15798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15798"
},
{
"name": "CVE-2025-55154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55154"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2017-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11447"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2023-39593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39593"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-46569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46569"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2018-14434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14434"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2021-3468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3468"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-58061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58061"
},
{
"name": "CVE-2025-46148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46148"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2149"
},
{
"name": "CVE-2021-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3502"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2018-16329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16329"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58056"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2024-43790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43790"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2025-21727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21727"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2021-20312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20312"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2023-52593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52593"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2023-26785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26785"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3000"
},
{
"name": "CVE-2022-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3213"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2025-38500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38500"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8961"
},
{
"name": "CVE-2025-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21977"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-38203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38203"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2022-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0909"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2023-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38633"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2021-46312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46312"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2019-6461",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6461"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2022-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2023-45922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45922"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2025-40004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40004"
},
{
"name": "CVE-2017-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7619"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-24070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2019-17547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17547"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2021-36411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2018-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10919"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-53014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53014"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2018-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10804"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2022-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0907"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3670"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2020-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25663"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58057"
},
{
"name": "CVE-2025-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0306"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2023-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1355"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37967"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2025-55560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55560"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-59842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59842"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-27766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27766"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2024-58078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58078"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2023-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34153"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2020-14153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14153"
},
{
"name": "CVE-2022-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1114"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2011-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2207"
},
{
"name": "CVE-2025-54874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21830"
},
{
"name": "CVE-2018-12600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12600"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-9340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9340"
},
{
"name": "CVE-2023-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2016-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7531"
},
{
"name": "CVE-2006-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3082"
},
{
"name": "CVE-2023-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5341"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3262"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2016-10062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10062"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2023-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34152"
},
{
"name": "CVE-2022-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2022-43242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2019-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14844"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21982"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21828"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2022-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0865"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2016-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7514"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2025-9092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9092"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2021-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3598"
},
{
"name": "CVE-2025-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21880"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-55197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55197"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55558"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21809"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2021-32490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32490"
},
{
"name": "CVE-2020-27768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27768"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2016-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5118"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-46045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46045"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-55557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55557"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2999"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2021-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2020-10251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10251"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2020-18781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18781"
},
{
"name": "CVE-2025-7709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7709"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-9640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2017-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6829"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21911"
},
{
"name": "CVE-2023-24752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2018-9133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9133"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2021-36410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2024-58003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58003"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21741"
},
{
"name": "CVE-2020-18032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18032"
},
{
"name": "CVE-2017-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6833"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-58076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58076"
},
{
"name": "CVE-2023-24751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21720"
},
{
"name": "CVE-2025-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"
},
{
"name": "CVE-2015-7747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7747"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2025-55004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55004"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2023-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21711"
},
{
"name": "CVE-2025-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2998"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2021-20313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20313"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2023-45913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45913"
},
{
"name": "CVE-2018-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13153"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2023-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34474"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38227"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2021-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45931"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2021-28544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2025-32728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32728"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2021-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44964"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2018-14437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14437"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2021-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3596"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2024-57883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2017-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6830"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-21748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21748"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2021-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46310"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2020-14152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14152"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9390"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2019-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9904"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1981"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-2231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2231"
},
{
"name": "CVE-2025-46150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46150"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2023-28120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2020-35492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35492"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2023-1289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1289"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-9341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9341"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2018-16412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16412"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2019-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6462"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2021-32493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32493"
},
{
"name": "CVE-2023-24754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
},
{
"name": "CVE-2020-29509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29509"
},
{
"name": "CVE-2023-5568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5568"
},
{
"name": "CVE-2023-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38470"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2025-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38237"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2024-57990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57990"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-49582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-32491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32491"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0924"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2022-33068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33068"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38206"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2016-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20012"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2019-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3792"
},
{
"name": "CVE-2022-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40017"
},
{
"name": "CVE-2023-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45919"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2018-15607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15607"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3001"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-32545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32545"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-21820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21820"
},
{
"name": "CVE-2017-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6838"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-41817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41817"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6835"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2024-57997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57997"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-31782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31782"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2022-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2025-53019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53019"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53367"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2021-45942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45942"
},
{
"name": "CVE-2022-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2021-20246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20246"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2023-24755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-21804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21804"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2017-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6837"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-22011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22011"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
},
{
"name": "CVE-2023-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0614"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2020-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21606"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38617"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2148"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2023-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38469"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2016-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5841"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53101"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2022-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44267"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2019-8321",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8321"
},
{
"name": "CVE-2025-21826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21826"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2025-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46393"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2021-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0561"
},
{
"name": "CVE-2018-12599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12599"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2022-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1587"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0284"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2024-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58016"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21903"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1667"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2022-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
},
{
"name": "CVE-2025-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3121"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-46149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46149"
},
{
"name": "CVE-2021-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26945"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-46152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46152"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28463"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2018-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3779"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1355"
},
{
"name": "CVE-2025-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47291"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21810"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2021-24031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24031"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-46153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46153"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"name": "CVE-2021-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38115"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2021-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20309"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38472"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2017-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12643"
},
{
"name": "CVE-2024-57953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57953"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2021-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26720"
},
{
"name": "CVE-2025-54801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54801"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2023-24756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2016-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4074"
},
{
"name": "CVE-2024-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0746"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2022-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33099"
},
{
"name": "CVE-2023-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45931"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26775"
},
{
"name": "CVE-2022-25309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25309"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-55212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55212"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2022-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32547"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2018-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11655"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2928"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-57803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57803"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2020-29511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29511"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21742"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2017-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16231"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2017-9409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9409"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2024-43168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-46901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46901"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-43167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2021-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40211"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2020-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0499"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3136"
},
{
"name": "CVE-2025-55160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55160"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2022-48703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30699"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2023-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2426"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2021-20176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20176"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-55298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55298"
},
{
"name": "CVE-2022-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-43965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43965"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2021-36408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"name": "CVE-2017-18253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18253"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2021-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3610"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2022-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38473"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-52099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52099"
},
{
"name": "CVE-2023-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43887"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2022-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2598"
},
{
"name": "CVE-2020-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27829"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2017-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6839"
},
{
"name": "CVE-2023-1906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1906"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-47471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47471"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2022-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1771"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2021-32492",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32492"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-55005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55005"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-40015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40015"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2025-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21829"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2018-16645",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16645"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-40007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40007"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-38273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38273"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2022-2719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2719"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2023-34151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34151"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2021-43809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43809"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2015-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1606"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2023-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3896"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2020-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21599"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39978"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2021-20311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20311"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2021-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20241"
},
{
"name": "CVE-2017-12674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12674"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-62171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62171"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2025-50950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50950"
},
{
"name": "CVE-2020-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21605"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2017-1000476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000476"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2015-8863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8863"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2018-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11656"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2018-19876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19876"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-20310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20310"
},
{
"name": "CVE-2021-20245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20245"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2023-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2025-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38204"
},
{
"name": "CVE-2021-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40812"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2018-9135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9135"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2021-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2017-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12433"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2021-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3574"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-58006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58006"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21815"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2017-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6836"
},
{
"name": "CVE-2021-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3500"
},
{
"name": "CVE-2022-25310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25310"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2025-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57807"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2024-58080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58080"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31498"
},
{
"name": "CVE-2022-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30698"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2021-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20244"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-11411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3941"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0969",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36320",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36320"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36423",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36423"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36364"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36351"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36424",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36424"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36412",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36412"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36388",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36388"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36426",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36426"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36411",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36411"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36357",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36357"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36408",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36408"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36349",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36349"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36414",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36414"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36397",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36397"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36389",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36389"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36398",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36398"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36380",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36380"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36407"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36362",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36362"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36413",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36413"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36384",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36384"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36379",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36379"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36400",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36400"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36377",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36377"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36368",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36368"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36418",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36418"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36420",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36420"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36391",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36391"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36392",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36392"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36353",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36353"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-14",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36356"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36422",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36422"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36381",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36381"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36421",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36421"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36416",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36416"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-86",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36415"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36403",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36403"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36347",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36347"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36383",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36383"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36410",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36410"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36352",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36352"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36394",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36394"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36354",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36354"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36399",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36399"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36350"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36419",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36419"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-85",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36401"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36365"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36405"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36367"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36395",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36395"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36387",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36387"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36363",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36363"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36385",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36385"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36409",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36409"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36359"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36348",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36348"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36386",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36386"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36417",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36417"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36425",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36425"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36366"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36360"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36355",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36355"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36358"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36396",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36396"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36378",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36378"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36382",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36382"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36404"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36361"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36402",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36402"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36393",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36393"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36406",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36406"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36390"
}
]
}
CERTFR-2025-AVI-1129
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.11 | ||
| VMware | Tanzu Platform | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.1 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.3.2 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.2.6+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | .NET Core Buildpack versions antérieures à 2.4.72 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.23+LTS-T |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.6+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.72",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.23+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3573"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-27111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27111"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-3044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3044"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2020-7792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7792"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25184"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-12194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12194"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36626"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36633",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36633"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36630",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36630"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36631",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36631"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36629"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36632",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36632"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36627"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36628"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36625",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36625"
}
]
}
CERTFR-2025-AVI-1013
Vulnerability from certfr_avis - Published: 2025-11-14 - Updated: 2025-11-14
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | AIX versions 7.2.5 sans le correctif de sécurité IJ55968 SP11 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.2.0 sans le correctif de sécurité PH68819 | ||
| IBM | QRadar | QRadar Network Packet Capture versions 7.5.x antérieures à QRadar Network Packet Capture 7.5.0 Update Package 14 | ||
| IBM | AIX | AIX versions 7.3.2 sans le correctif de sécurité IJ56113 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.1 sans le correctif de sécurité PH68819 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.0.0 sans le correctif de sécurité PH68266 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité 9.0.5.27 | ||
| IBM | Sterling | Sterling Transformation Extender versions 10.1.1.1 sans le correctif de sécurité PH68266 | ||
| IBM | Db2 | Db2 versions 11.5.x sans le dernier correctif de sécurité | ||
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager versions 7.3.x à 7.3.0.12 sans le correctif de sécurité efix_CVE-2025-48976_FP12250331.zip | ||
| IBM | N/A | QRadar DNS Analyzer App versions antérieures à 2.0.4 | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.3 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.11 sans le correctif de sécurité 25.0.0.12 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans le correctif de sécurité 8.5.5.29 | ||
| IBM | AIX | AIX versions 7.3.1 sans le correctif de sécurité IJ56230 | ||
| IBM | Cognos Analytics | Cognos Analytics Certified Containers versions 1.2.1.x antérieures à 12.1.1 | ||
| IBM | Sterling | Sterling Transformation Extender versions 10.1.2.1 sans le correctif de sécurité PH68266 | ||
| IBM | Db2 | Db2 versions 11.1.x sans le dernier correctif de sécurité | ||
| IBM | Sterling | Sterling Transformation Extender versions 10.1.0.2 sans le correctif de sécurité PH68266 | ||
| IBM | AIX | AIX versions 7.3.3 sans le correctif de sécurité IJ55897 SP2 | ||
| IBM | Storage Protect | Storage Protect Operations Center versions 8.1.x antérieures à 8.1.27.100 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5 à 7.5.0 IP14 sans les correctif de sécurité QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AIX versions 7.2.5 sans le correctif de s\u00e9curit\u00e9 IJ55968 SP11",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH68819",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 QRadar Network Packet Capture 7.5.0 Update Package 14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.2 sans le correctif de s\u00e9curit\u00e9 IJ56113",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 PH68819",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 9.0.5.27",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager versions 7.3.x \u00e0 7.3.0.12 sans le correctif de s\u00e9curit\u00e9 efix_CVE-2025-48976_FP12250331.zip",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.3 sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.11 sans le correctif de s\u00e9curit\u00e9 25.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x sans le correctif de s\u00e9curit\u00e9 8.5.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.1 sans le correctif de s\u00e9curit\u00e9 IJ56230",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Certified Containers versions 1.2.1.x ant\u00e9rieures \u00e0 12.1.1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.1.x sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 PH68266",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.3 sans le correctif de s\u00e9curit\u00e9 IJ55897 SP2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect Operations Center versions 8.1.x ant\u00e9rieures \u00e0 8.1.27.100",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5 \u00e0 7.5.0 IP14 sans les correctif de s\u00e9curit\u00e9 QRadar 7.5.0 UP14 IF01 et 7.5.0 QRadar Protocol MicrosoftAzureEventHubs ",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2025-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-36236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36236"
},
{
"name": "CVE-2025-49812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
},
{
"name": "CVE-2025-39757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2024-49350",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
},
{
"name": "CVE-2025-36251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36251"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-36250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36250"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-38527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
},
{
"name": "CVE-2025-38449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2025-39730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
},
{
"name": "CVE-2025-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2020-16971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16971"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2024-56347",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56347"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49985"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
},
{
"name": "CVE-2025-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-47252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-36096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36096"
},
{
"name": "CVE-2025-3050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
},
{
"name": "CVE-2025-38718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
},
{
"name": "CVE-2025-38392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
},
{
"name": "CVE-2023-53373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
},
{
"name": "CVE-2024-52903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-56346",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56346"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
},
{
"name": "CVE-2022-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
},
{
"name": "CVE-2025-40928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40928"
},
{
"name": "CVE-2022-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50087"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-49630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-33150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33150"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-47619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
}
],
"initial_release_date": "2025-11-14T00:00:00",
"last_revision_date": "2025-11-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250959",
"url": "https://www.ibm.com/support/pages/node/7250959"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249983",
"url": "https://www.ibm.com/support/pages/node/7249983"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250785",
"url": "https://www.ibm.com/support/pages/node/7250785"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249992",
"url": "https://www.ibm.com/support/pages/node/7249992"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249994",
"url": "https://www.ibm.com/support/pages/node/7249994"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250921",
"url": "https://www.ibm.com/support/pages/node/7250921"
},
{
"published_at": "2025-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250486",
"url": "https://www.ibm.com/support/pages/node/7250486"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250907",
"url": "https://www.ibm.com/support/pages/node/7250907"
},
{
"published_at": "2025-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250395",
"url": "https://www.ibm.com/support/pages/node/7250395"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250956",
"url": "https://www.ibm.com/support/pages/node/7250956"
},
{
"published_at": "2025-11-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250763",
"url": "https://www.ibm.com/support/pages/node/7250763"
},
{
"published_at": "2025-11-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
"url": "https://www.ibm.com/support/pages/node/7250474"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250971",
"url": "https://www.ibm.com/support/pages/node/7250971"
},
{
"published_at": "2025-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250926",
"url": "https://www.ibm.com/support/pages/node/7250926"
},
{
"published_at": "2025-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7251173",
"url": "https://www.ibm.com/support/pages/node/7251173"
}
]
}
CERTFR-2025-AVI-1036
Vulnerability from certfr_avis - Published: 2025-11-24 - Updated: 2025-11-24
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | App Metrics versions antérieures à 2.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.954.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.126.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Platform Services | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Metric Store versions antérieures à 1.8.1 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu | VMware Tanzu pour Postgres on Tanzu Platform versions antérieures à 10.2.1 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.954.x | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Windows) versions antérieures à 2019.92.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.954.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "App Metrics versions ant\u00e9rieures \u00e0 2.3.2",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.126.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Platform Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Metric Store versions ant\u00e9rieures \u00e0 1.8.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Postgres on Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.92.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-13425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13425"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-59530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-40300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2025-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5981"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-24T00:00:00",
"last_revision_date": "2025-11-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1036",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36513",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36513"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36530",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36530"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36512",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36512"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36526",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36526"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36511",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36511"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36525",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36525"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36516",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36516"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36527",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36527"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36536",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36536"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36519",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36519"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36518",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36518"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36524",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36524"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36521",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36521"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36528",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36528"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36522",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36522"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36514",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36514"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36532",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36532"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36509",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36509"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36517",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36517"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36533",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36533"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36537",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36537"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36531",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36531"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36510",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36510"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36523",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36523"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36515",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36515"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36529",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36529"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36534",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36534"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36535",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36535"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36520",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36520"
}
]
}
SUSE-SU-2025:4086-1
Vulnerability from csaf_suse - Published: 2025-11-12 15:02 - Updated: 2025-11-12 15:02Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086,openSUSE-SLE-15.6-2025-4086
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086,openSUSE-SLE-15.6-2025-4086",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4086-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4086-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254086-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4086-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023270.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-12T15:02:26Z",
"generator": {
"date": "2025-11-12T15:02:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4086-1",
"initial_release_date": "2025-11-12T15:02:26Z",
"revision_history": [
{
"date": "2025-11-12T15:02:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-doc-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-embed-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-lib-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:4184-1
Vulnerability from csaf_suse - Published: 2025-11-24 07:56 - Updated: 2025-11-24 07:56Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4184
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753)\n- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905)\n- CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4184-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4184-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254184-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4184-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023318.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-11-24T07:56:53Z",
"generator": {
"date": "2025-11-24T07:56:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4184-1",
"initial_release_date": "2025-11-24T07:56:53Z",
"revision_history": [
{
"date": "2025-11-24T07:56:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-9.0.36-3.153.2.noarch",
"product_id": "tomcat-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.153.2.noarch",
"product_id": "tomcat-embed-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.153.2.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch",
"product_id": "tomcat-lib-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch",
"product_id": "tomcat-webapps-9.0.36-3.153.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:21152-1
Vulnerability from csaf_suse - Published: 2025-11-27 15:47 - Updated: 2025-11-27 15:47Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames
SUSE-SLES-16.0-72
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21152-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21152-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521152-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21152-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023508.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:47:37Z",
"generator": {
"date": "2025-11-27T15:47:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21152-1",
"initial_release_date": "2025-11-27T15:47:37Z",
"revision_history": [
{
"date": "2025-11-27T15:47:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:4159-1
Vulnerability from csaf_suse - Published: 2025-11-21 14:31 - Updated: 2025-11-21 14:31Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues:
Update to Tomcat 9.0.111:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159,SUSE-Storage-7.1-2025-4159,openSUSE-SLE-15.6-2025-4159
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n Update to Tomcat 9.0.111:\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159,SUSE-Storage-7.1-2025-4159,openSUSE-SLE-15.6-2025-4159",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4159-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4159-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254159-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4159-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023311.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-11-21T14:31:51Z",
"generator": {
"date": "2025-11-21T14:31:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4159-1",
"initial_release_date": "2025-11-21T14:31:51Z",
"revision_history": [
{
"date": "2025-11-21T14:31:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-embed-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-embed-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-javadoc-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-jsvc-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-lib-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-webapps-9.0.111-150200.96.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server LTS 4.3",
"product": {
"name": "SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server-lts:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-embed-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:4103-1
Vulnerability from csaf_suse - Published: 2025-11-14 09:56 - Updated: 2025-11-14 09:56Summary
Security update for tomcat10
Notes
Title of the patch
Security update for tomcat10
Description of the patch
This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.48
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4103,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4103,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4103,openSUSE-SLE-15.6-2025-4103
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdate to Tomcat 10.1.48\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4103,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4103,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4103,openSUSE-SLE-15.6-2025-4103",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4103-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4103-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254103-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4103-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023281.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2025-11-14T09:56:37Z",
"generator": {
"date": "2025-11-14T09:56:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4103-1",
"initial_release_date": "2025-11-14T09:56:37Z",
"revision_history": [
{
"date": "2025-11-14T09:56:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-doc-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-embed-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-lib-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
CNVD-2025-31393
Vulnerability from cnvd - Published: 2025-12-24
VLAI Severity ?
Title
Apache Tomcat资源管理错误漏洞(CNVD-2025-31393)
Description
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。
Apache Tomcat存在资源管理错误漏洞,该漏洞源于资源关闭或释放不当,攻击者可利用该漏洞导致拒绝服务攻击。
Severity
中
Patch Name
Apache Tomcat资源管理错误漏洞(CNVD-2025-31393)的补丁
Patch Description
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。
Apache Tomcat存在资源管理错误漏洞,该漏洞源于资源关闭或释放不当,攻击者可利用该漏洞导致拒绝服务攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://tomcat.apache.org/
Reference
https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
Impacted products
| Name | ['Apache Tomcat >=11.0.0-M1,<=11.0.11', 'Apache Tomcat >=10.1.0-M1,<=10.1.46', 'Apache Tomcat >=9.0.0.M1,<=9.0.109', 'Apache Tomcat >=8.5.0,<=8.5.100'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-61795",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
}
},
"description": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\u3002\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\n\nApache Tomcat\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u5173\u95ed\u6216\u91ca\u653e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tomcat.apache.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-31393",
"openTime": "2025-12-24",
"patchDescription": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\u3002\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\r\n\r\nApache Tomcat\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u5173\u95ed\u6216\u91ca\u653e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Tomcat\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-31393\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Tomcat \u003e=11.0.0-M1\uff0c\u003c=11.0.11",
"Apache Tomcat \u003e=10.1.0-M1\uff0c\u003c=10.1.46",
"Apache Tomcat \u003e=9.0.0.M1\uff0c\u003c=9.0.109",
"Apache Tomcat \u003e=8.5.0\uff0c\u003c=8.5.100"
]
},
"referenceLink": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"serverity": "\u4e2d",
"submitTime": "2025-10-31",
"title": "Apache Tomcat\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-31393\uff09"
}
FKIE_CVE-2025-61795
Vulnerability from fkie_nvd - Published: 2025-10-27 18:15 - Updated: 2025-11-14 16:53
Severity ?
Summary
Improper Resource Shutdown or Release vulnerability in Apache Tomcat.
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/10/27/6 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF43D0D7-FBF3-4D7A-84C4-47B65A75A524",
"versionEndIncluding": "8.5.100",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA30BB96-A72D-42BA-9058-7ABBEB5560E9",
"versionEndExcluding": "9.0.110",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B30CA0D9-834D-4044-B03B-7E6E60A4B0E6",
"versionEndExcluding": "10.0.27",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E433C62E-73C1-443F-9C89-D0C2EDF13F99",
"versionEndExcluding": "10.1.47",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03C75BFF-9137-45AF-B5F4-99E2CBF1D3F4",
"versionEndExcluding": "11.0.12",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue."
}
],
"id": "CVE-2025-61795",
"lastModified": "2025-11-14T16:53:33.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-27T18:15:44.200",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/6"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2025:15718-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
tomcat11-11.0.13-1.1 on GA media
Notes
Title of the patch
tomcat11-11.0.13-1.1 on GA media
Description of the patch
These are all security issues fixed in the tomcat11-11.0.13-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15718
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat11-11.0.13-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat11-11.0.13-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15718",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15718-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat11-11.0.13-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15718-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-11.0.13-1.1.aarch64",
"product_id": "tomcat11-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.aarch64",
"product_id": "tomcat11-doc-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.aarch64",
"product_id": "tomcat11-embed-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"product_id": "tomcat11-jsvc-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.aarch64",
"product_id": "tomcat11-lib-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.aarch64",
"product_id": "tomcat11-webapps-11.0.13-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-doc-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-embed-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-jsvc-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-lib-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-webapps-11.0.13-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-11.0.13-1.1.s390x",
"product_id": "tomcat11-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.s390x",
"product_id": "tomcat11-doc-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.s390x",
"product_id": "tomcat11-embed-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.s390x",
"product_id": "tomcat11-jsvc-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.s390x",
"product_id": "tomcat11-lib-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.s390x",
"product_id": "tomcat11-webapps-11.0.13-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-11.0.13-1.1.x86_64",
"product_id": "tomcat11-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.x86_64",
"product_id": "tomcat11-doc-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.x86_64",
"product_id": "tomcat11-embed-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"product_id": "tomcat11-jsvc-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.x86_64",
"product_id": "tomcat11-lib-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.x86_64",
"product_id": "tomcat11-webapps-11.0.13-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025:15716-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
tomcat-9.0.111-1.1 on GA media
Notes
Title of the patch
tomcat-9.0.111-1.1 on GA media
Description of the patch
These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15716
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat-9.0.111-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15716",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15716-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat-9.0.111-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15716-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-9.0.111-1.1.aarch64",
"product_id": "tomcat-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-embed-9.0.111-1.1.aarch64",
"product_id": "tomcat-embed-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.aarch64",
"product_id": "tomcat-javadoc-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.aarch64",
"product_id": "tomcat-jsvc-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-lib-9.0.111-1.1.aarch64",
"product_id": "tomcat-lib-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.aarch64",
"product_id": "tomcat-webapps-9.0.111-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-9.0.111-1.1.ppc64le",
"product_id": "tomcat-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-embed-9.0.111-1.1.ppc64le",
"product_id": "tomcat-embed-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"product_id": "tomcat-javadoc-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"product_id": "tomcat-jsvc-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-lib-9.0.111-1.1.ppc64le",
"product_id": "tomcat-lib-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.ppc64le",
"product_id": "tomcat-webapps-9.0.111-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-9.0.111-1.1.s390x",
"product_id": "tomcat-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-embed-9.0.111-1.1.s390x",
"product_id": "tomcat-embed-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.s390x",
"product_id": "tomcat-javadoc-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.s390x",
"product_id": "tomcat-jsvc-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-lib-9.0.111-1.1.s390x",
"product_id": "tomcat-lib-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.s390x",
"product_id": "tomcat-webapps-9.0.111-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-9.0.111-1.1.x86_64",
"product_id": "tomcat-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-embed-9.0.111-1.1.x86_64",
"product_id": "tomcat-embed-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.x86_64",
"product_id": "tomcat-javadoc-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.x86_64",
"product_id": "tomcat-jsvc-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-lib-9.0.111-1.1.x86_64",
"product_id": "tomcat-lib-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.x86_64",
"product_id": "tomcat-webapps-9.0.111-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-embed-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-embed-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-embed-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-embed-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-lib-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-lib-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-lib-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-lib-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025-20106-1
Vulnerability from csaf_opensuse - Published: 2025-11-27 15:43 - Updated: 2025-11-27 15:43Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames
openSUSE-Leap-16.0-72
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20106-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:43:26Z",
"generator": {
"date": "2025-11-27T15:43:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025-20106-1",
"initial_release_date": "2025-11-27T15:43:26Z",
"revision_history": [
{
"date": "2025-11-27T15:43:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025:15717-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
tomcat10-10.1.48-1.1 on GA media
Notes
Title of the patch
tomcat10-10.1.48-1.1 on GA media
Description of the patch
These are all security issues fixed in the tomcat10-10.1.48-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15717
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat10-10.1.48-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat10-10.1.48-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15717",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15717-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat10-10.1.48-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15717-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-10.1.48-1.1.aarch64",
"product_id": "tomcat10-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.aarch64",
"product_id": "tomcat10-doc-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.aarch64",
"product_id": "tomcat10-embed-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"product_id": "tomcat10-jsvc-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.aarch64",
"product_id": "tomcat10-lib-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.aarch64",
"product_id": "tomcat10-webapps-10.1.48-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-doc-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-embed-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-jsvc-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-lib-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-webapps-10.1.48-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-10.1.48-1.1.s390x",
"product_id": "tomcat10-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.s390x",
"product_id": "tomcat10-doc-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.s390x",
"product_id": "tomcat10-embed-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.s390x",
"product_id": "tomcat10-jsvc-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.s390x",
"product_id": "tomcat10-lib-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.s390x",
"product_id": "tomcat10-webapps-10.1.48-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-10.1.48-1.1.x86_64",
"product_id": "tomcat10-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.x86_64",
"product_id": "tomcat10-doc-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.x86_64",
"product_id": "tomcat10-embed-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"product_id": "tomcat10-jsvc-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.x86_64",
"product_id": "tomcat10-lib-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.x86_64",
"product_id": "tomcat10-webapps-10.1.48-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
GHSA-HGRR-935X-PQ79
Vulnerability from github – Published: 2025-10-27 18:31 – Updated: 2025-11-21 15:19
VLAI?
Summary
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
Details
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.
The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.47"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.110"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.47"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.110"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.47"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.110"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-61795"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-28T18:02:45Z",
"nvd_published_at": "2025-10-27T18:15:44Z",
"severity": "LOW"
},
"details": "If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"id": "GHSA-hgrr-935x-pq79",
"modified": "2025-11-21T15:19:19Z",
"published": "2025-10-27T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Apache Tomcat Vulnerable to Improper Resource Shutdown or Release"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…