Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-55754 (GCVE-0-2025-55754)
Vulnerability from cvelistv5 – Published: 2025-10-27 17:29 – Updated: 2026-02-26 16:57
VLAI?
EPSS
Title
Apache Tomcat: console manipulation via escape sequences in log messages
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
Severity ?
No CVSS data available.
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.10
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.44 (semver) Affected: 9.0.40 , ≤ 9.0.108 (semver) Affected: 8.5.60 , ≤ 8.5.100 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
Elysee Franchuk of MOBIA Technology Innovations
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T04:55:55.372090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:04.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:16.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.10",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.44",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.108",
"status": "affected",
"version": "9.0.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.60",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Elysee Franchuk of MOBIA Technology Innovations"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:38:25.256Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: console manipulation via escape sequences in log messages",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-55754",
"datePublished": "2025-10-27T17:29:50.756Z",
"dateReserved": "2025-08-15T11:26:40.520Z",
"dateUpdated": "2026-02-26T16:57:04.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55754\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-10-27T18:15:42.710\",\"lastModified\":\"2025-11-14T17:37:41.767\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\\n\\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\\n\\n\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-150\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.60\",\"versionEndIncluding\":\"8.5.100\",\"matchCriteriaId\":\"8252492F-6708-4904-8F48-E53D31B6CAF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.40\",\"versionEndExcluding\":\"9.0.109\",\"matchCriteriaId\":\"80305B12-76BD-409C-9B76-4FD6E849C049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.27\",\"matchCriteriaId\":\"B30CA0D9-834D-4044-B03B-7E6E60A4B0E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.45\",\"matchCriteriaId\":\"27F4F718-AE8D-417A-BEE4-780FD77625D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.11\",\"matchCriteriaId\":\"FC2A3FE1-BC50-419D-AEFA-097C58A3F243\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/10/27/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Apache Tomcat\", \"vendor\": \"Apache Software Foundation\", \"versions\": [{\"lessThanOrEqual\": \"11.0.10\", \"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"10.1.44\", \"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"9.0.108\", \"status\": \"affected\", \"version\": \"9.0.40\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"8.5.100\", \"status\": \"affected\", \"version\": \"8.5.60\", \"versionType\": \"semver\"}, {\"lessThan\": \"8.5.0\", \"status\": \"unknown\", \"version\": \"3\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"10.0.27\", \"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Elysee Franchuk of MOBIA Technology Innovations\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\u003c/p\u003e\"}], \"value\": \"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\\n\\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\\n\\n\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\"}], \"metrics\": [{\"other\": {\"content\": {\"text\": \"low\"}, \"type\": \"Textual description of severity\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-150\", \"description\": \"CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:38:25.256Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"title\": \"Apache Tomcat: console manipulation via escape sequences in log messages\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/10/27/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:13:16.888Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55754\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-09T04:55:55.372090Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-28T13:26:42.148Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55754\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"apache\", \"dateReserved\": \"2025-08-15T11:26:40.520Z\", \"datePublished\": \"2025-10-27T17:29:50.756Z\", \"dateUpdated\": \"2026-02-26T16:57:04.342Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2025-20106-1
Vulnerability from csaf_opensuse - Published: 2025-11-27 15:43 - Updated: 2025-11-27 15:43Summary
Security update for tomcat11
Severity
Important
Notes
Title of the patch: Security update for tomcat11
Description of the patch: This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames: openSUSE-Leap-16.0-72
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20106-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:43:26Z",
"generator": {
"date": "2025-11-27T15:43:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025-20106-1",
"initial_release_date": "2025-11-27T15:43:26Z",
"revision_history": [
{
"date": "2025-11-27T15:43:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025:15717-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
tomcat10-10.1.48-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: tomcat10-10.1.48-1.1 on GA media
Description of the patch: These are all security issues fixed in the tomcat10-10.1.48-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15717
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat10-10.1.48-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat10-10.1.48-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15717",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15717-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat10-10.1.48-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15717-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-10.1.48-1.1.aarch64",
"product_id": "tomcat10-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.aarch64",
"product_id": "tomcat10-doc-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.aarch64",
"product_id": "tomcat10-embed-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"product_id": "tomcat10-jsvc-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.aarch64",
"product_id": "tomcat10-lib-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.aarch64",
"product_id": "tomcat10-webapps-10.1.48-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-doc-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-embed-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-jsvc-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-lib-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-webapps-10.1.48-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-10.1.48-1.1.s390x",
"product_id": "tomcat10-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.s390x",
"product_id": "tomcat10-doc-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.s390x",
"product_id": "tomcat10-embed-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.s390x",
"product_id": "tomcat10-jsvc-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.s390x",
"product_id": "tomcat10-lib-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.s390x",
"product_id": "tomcat10-webapps-10.1.48-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-10.1.48-1.1.x86_64",
"product_id": "tomcat10-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.x86_64",
"product_id": "tomcat10-doc-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.x86_64",
"product_id": "tomcat10-embed-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"product_id": "tomcat10-jsvc-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.x86_64",
"product_id": "tomcat10-lib-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.x86_64",
"product_id": "tomcat10-webapps-10.1.48-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2026:20034-1
Vulnerability from csaf_opensuse - Published: 2026-01-14 13:14 - Updated: 2026-01-14 13:14Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.111
- Security fixes:
- CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat
(bsc#1252905).
- CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service
(bsc#1252756).
Patchnames: openSUSE-Leap-16.0-143
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- Update to Tomcat 9.0.111\n - Security fixes:\n - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat\n (bsc#1252905).\n - CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service\n (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-143",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20034-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-01-14T13:14:54Z",
"generator": {
"date": "2026-01-14T13:14:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20034-1",
"initial_release_date": "2026-01-14T13:14:54Z",
"revision_history": [
{
"date": "2026-01-14T13:14:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-embed-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-embed-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-javadoc-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-jsvc-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-lib-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-lib-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-webapps-9.0.111-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-embed-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T13:14:54Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T13:14:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T13:14:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025:15718-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
tomcat11-11.0.13-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: tomcat11-11.0.13-1.1 on GA media
Description of the patch: These are all security issues fixed in the tomcat11-11.0.13-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15718
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat11-11.0.13-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat11-11.0.13-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15718",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15718-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat11-11.0.13-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15718-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-11.0.13-1.1.aarch64",
"product_id": "tomcat11-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.aarch64",
"product_id": "tomcat11-doc-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.aarch64",
"product_id": "tomcat11-embed-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"product_id": "tomcat11-jsvc-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.aarch64",
"product_id": "tomcat11-lib-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.aarch64",
"product_id": "tomcat11-webapps-11.0.13-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-doc-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-embed-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-jsvc-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-lib-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-webapps-11.0.13-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-11.0.13-1.1.s390x",
"product_id": "tomcat11-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.s390x",
"product_id": "tomcat11-doc-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.s390x",
"product_id": "tomcat11-embed-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.s390x",
"product_id": "tomcat11-jsvc-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.s390x",
"product_id": "tomcat11-lib-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.s390x",
"product_id": "tomcat11-webapps-11.0.13-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-11.0.13-1.1.x86_64",
"product_id": "tomcat11-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.x86_64",
"product_id": "tomcat11-doc-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.x86_64",
"product_id": "tomcat11-embed-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"product_id": "tomcat11-jsvc-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.x86_64",
"product_id": "tomcat11-lib-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.x86_64",
"product_id": "tomcat11-webapps-11.0.13-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025:15716-1
Vulnerability from csaf_opensuse - Published: 2025-11-07 00:00 - Updated: 2025-11-07 00:00Summary
tomcat-9.0.111-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: tomcat-9.0.111-1.1 on GA media
Description of the patch: These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15716
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat-9.0.111-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15716",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15716-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat-9.0.111-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15716-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-9.0.111-1.1.aarch64",
"product_id": "tomcat-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-embed-9.0.111-1.1.aarch64",
"product_id": "tomcat-embed-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.aarch64",
"product_id": "tomcat-javadoc-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.aarch64",
"product_id": "tomcat-jsvc-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-lib-9.0.111-1.1.aarch64",
"product_id": "tomcat-lib-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.aarch64",
"product_id": "tomcat-webapps-9.0.111-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-9.0.111-1.1.ppc64le",
"product_id": "tomcat-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-embed-9.0.111-1.1.ppc64le",
"product_id": "tomcat-embed-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"product_id": "tomcat-javadoc-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"product_id": "tomcat-jsvc-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-lib-9.0.111-1.1.ppc64le",
"product_id": "tomcat-lib-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.ppc64le",
"product_id": "tomcat-webapps-9.0.111-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-9.0.111-1.1.s390x",
"product_id": "tomcat-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-embed-9.0.111-1.1.s390x",
"product_id": "tomcat-embed-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.s390x",
"product_id": "tomcat-javadoc-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.s390x",
"product_id": "tomcat-jsvc-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-lib-9.0.111-1.1.s390x",
"product_id": "tomcat-lib-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.s390x",
"product_id": "tomcat-webapps-9.0.111-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-9.0.111-1.1.x86_64",
"product_id": "tomcat-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-embed-9.0.111-1.1.x86_64",
"product_id": "tomcat-embed-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.x86_64",
"product_id": "tomcat-javadoc-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.x86_64",
"product_id": "tomcat-jsvc-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-lib-9.0.111-1.1.x86_64",
"product_id": "tomcat-lib-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.x86_64",
"product_id": "tomcat-webapps-9.0.111-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-embed-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-embed-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-embed-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-embed-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-lib-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-lib-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-lib-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-lib-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
OPENSUSE-SU-2025:20106-1
Vulnerability from csaf_opensuse - Published: 2025-11-27 15:43 - Updated: 2025-11-27 15:43Summary
Security update for tomcat11
Severity
Important
Notes
Title of the patch: Security update for tomcat11
Description of the patch: This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames: openSUSE-Leap-16.0-72
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20106-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:43:26Z",
"generator": {
"date": "2025-11-27T15:43:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:20106-1",
"initial_release_date": "2025-11-27T15:43:26Z",
"revision_history": [
{
"date": "2025-11-27T15:43:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
WID-SEC-W-2025-2420
Vulnerability from csaf_certbund - Published: 2025-10-27 23:00 - Updated: 2026-01-07 23:00Summary
Apache Tomcat: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2420 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2420.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2420 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"category": "external",
"summary": "PoC CVE-2025-55752 vom 2025-10-28",
"url": "https://github.com/TAM-K592/CVE-2025-55752"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19810 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19809 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15718-1 vom 2025-11-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W6PIRHQGOVWPZCOQCITPWJOJF46KPRH3/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15716-1 vom 2025-11-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUHQUF6GI6WNIB2OLHZWSVMV36C2EJIC/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3067 vom 2025-11-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3067.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-023 vom 2025-11-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-023.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4086-1 vom 2025-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023270.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250971 vom 2025-11-12",
"url": "https://www.ibm.com/support/pages/node/7250971"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4103-1 vom 2025-11-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023281.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251634 vom 2025-11-18",
"url": "https://www.ibm.com/support/pages/node/7251634"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4159-1 vom 2025-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4184-1 vom 2025-11-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023318.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025-20106-1 vom 2025-11-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FPPZ6FSW6UKHPCGEBSEZ2WIKZC77TX7I/"
},
{
"category": "external",
"summary": "Camunda Security Notices vom 2025-12-01",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22924 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22925 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23050 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23049 vom 2025-12-11",
"url": "https://errata.build.resf.org/RLSA-2025:23049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23044 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23045 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23046 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23047 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23048 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23049 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23052 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23051 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23053 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21152-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023508.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23050 vom 2025-12-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-23050.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23052 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23052.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23049 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23049.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23048 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23048.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23050 vom 2025-12-12",
"url": "https://errata.build.resf.org/RLSA-2025:23050"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23052 vom 2025-12-12",
"url": "https://errata.build.resf.org/RLSA-2025:23052"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23048 vom 2025-12-13",
"url": "https://errata.build.resf.org/RLSA-2025:23048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23225 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0293 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0292 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-07T23:00:00.000+00:00",
"generator": {
"date": "2026-01-08T08:12:48.876+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2420",
"initial_release_date": "2025-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2025-55752 aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und IBM aufgenommen"
},
{
"date": "2025-11-16T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-27T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat, Rocky Enterprise Software Foundation, SUSE und Oracle Linux aufgenommen"
},
{
"date": "2025-12-11T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.47",
"product": {
"name": "Apache Tomcat \u003c10.1.47",
"product_id": "T048171"
}
},
{
"category": "product_version",
"name": "10.1.47",
"product": {
"name": "Apache Tomcat 10.1.47",
"product_id": "T048171-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.47"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.12",
"product": {
"name": "Apache Tomcat \u003c11.0.12",
"product_id": "T048172"
}
},
{
"category": "product_version",
"name": "11.0.12",
"product": {
"name": "Apache Tomcat 11.0.12",
"product_id": "T048172-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.110",
"product": {
"name": "Apache Tomcat \u003c9.0.110",
"product_id": "T048173"
}
},
{
"category": "product_version",
"name": "9.0.110",
"product": {
"name": "Apache Tomcat 9.0.110",
"product_id": "T048173-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.110"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for z/OS \t10.1.0.0-10.1.0.6",
"product": {
"name": "IBM Integration Bus for z/OS \t10.1.0.0-10.1.0.6",
"product_id": "T048665",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:for_zos_10.1.0.0_-_10.1.0.6"
}
}
}
],
"category": "product_name",
"name": "Integration Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP14 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP14 IF01",
"product_id": "T048556"
}
},
{
"category": "product_version",
"name": "7.5.0 UP14 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP14 IF01",
"product_id": "T048556-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up14_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.24.1",
"product": {
"name": "Open Source Camunda \u003c7.24.1",
"product_id": "T048978"
}
},
{
"category": "product_version",
"name": "7.24.1",
"product": {
"name": "Open Source Camunda 7.24.1",
"product_id": "T048978-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.24.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.23.7",
"product": {
"name": "Open Source Camunda \u003c7.23.7",
"product_id": "T048979"
}
},
{
"category": "product_version",
"name": "7.23.7",
"product": {
"name": "Open Source Camunda 7.23.7",
"product_id": "T048979-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.23.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.22.10",
"product": {
"name": "Open Source Camunda \u003c7.22.10",
"product_id": "T048980"
}
},
{
"category": "product_version",
"name": "7.22.10",
"product": {
"name": "Open Source Camunda 7.22.10",
"product_id": "T048980-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.22.10"
}
}
}
],
"category": "product_name",
"name": "Camunda"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server",
"product": {
"name": "Red Hat JBoss Web Server",
"product_id": "T003426",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.8.6",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.8.6",
"product_id": "T049206"
}
},
{
"category": "product_version",
"name": "5.8.6",
"product": {
"name": "Red Hat JBoss Web Server 5.8.6",
"product_id": "T049206-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8.6"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise Server \u003c12 SP5 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server \u003c12 SP5 LTSS",
"product_id": "T048861"
}
},
{
"category": "product_version",
"name": "Enterprise Server 12 SP5 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product_id": "T048861-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:enterprise_server__12_sp5_ltss"
}
}
}
],
"category": "product_name",
"name": "Linux"
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"product_status": {
"known_affected": [
"T048171",
"67646",
"T048173",
"T048172",
"T003426",
"T004914",
"T032255",
"T048979",
"T048978",
"T002207",
"T027843",
"T048861",
"398363",
"T048980",
"T049206",
"T048556",
"T048665"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"product_status": {
"known_affected": [
"T048171",
"67646",
"T048173",
"T048172",
"T003426",
"T004914",
"T032255",
"T048979",
"T048978",
"T002207",
"T027843",
"T048861",
"398363",
"T048980",
"T049206",
"T048556",
"T048665"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"product_status": {
"known_affected": [
"T048171",
"67646",
"T048173",
"T048172",
"T003426",
"T004914",
"T032255",
"T048979",
"T048978",
"T002207",
"T027843",
"T048861",
"398363",
"T048980",
"T049206",
"T048556",
"T048665"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-61795"
}
]
}
GHSA-VFWW-5HM6-HX2J
Vulnerability from github – Published: 2025-10-27 18:31 – Updated: 2025-11-05 20:50
VLAI?
Summary
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Details
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.45"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.109"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.45"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.109"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.45"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.109"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55754"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-28T17:57:42Z",
"nvd_published_at": "2025-10-27T18:15:42Z",
"severity": "LOW"
},
"details": "Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"id": "GHSA-vfww-5hm6-hx2j",
"modified": "2025-11-05T20:50:27Z",
"published": "2025-10-27T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences"
}
CERTFR-2025-AVI-0933
Vulnerability from certfr_avis - Published: 2025-10-28 - Updated: 2025-10-28
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.12",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.47",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.110",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.12",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.110",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.47",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
}
]
}
CERTFR-2025-AVI-0933
Vulnerability from certfr_avis - Published: 2025-10-28 - Updated: 2025-10-28
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.12",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.47",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.110",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.12",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.110",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.47",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
}
]
}
CERTFR-2025-AVI-0967
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49 | ||
| VMware | Tanzu Platform | Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1 | ||
| VMware | Tanzu Platform | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Platform | Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Platform | .NET Core Buildpack versions antérieures à 2.4.64 | ||
| VMware | Tanzu Platform | VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4 | ||
| VMware | Tanzu Platform | CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7 | ||
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.8 | ||
| VMware | Tanzu Platform | Go Buildpack versions antérieures à 1.10.57 | ||
| VMware | Tanzu Platform | VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Platform | NodeJS Buildpack versions antérieures à 1.8.61 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0 | ||
| VMware | Tanzu Platform | Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11 | ||
| VMware | Tanzu Platform | IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-7409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2024-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-3447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-4467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0967",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
}
]
}
CERTFR-2025-AVI-0967
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49 | ||
| VMware | Tanzu Platform | Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1 | ||
| VMware | Tanzu Platform | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Platform | Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Platform | .NET Core Buildpack versions antérieures à 2.4.64 | ||
| VMware | Tanzu Platform | VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4 | ||
| VMware | Tanzu Platform | CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7 | ||
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.8 | ||
| VMware | Tanzu Platform | Go Buildpack versions antérieures à 1.10.57 | ||
| VMware | Tanzu Platform | VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Platform | NodeJS Buildpack versions antérieures à 1.8.61 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0 | ||
| VMware | Tanzu Platform | Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11 | ||
| VMware | Tanzu Platform | IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-7409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2024-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-3447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-4467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0967",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
}
]
}
CERTFR-2025-AVI-0969
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.90.x | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.58 | ||
| VMware | Tanzu Kubernetes Runtime | Python Buildpack versions antérieures à 1.8.63 | ||
| VMware | Tanzu Kubernetes Runtime | VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Kubernetes Runtime | API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | Tanzu Kubernetes Runtime | PHP Buildpack versions antérieures à 4.6.49 | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x | ||
| VMware | Tanzu Application Service | CredHub Service Broker versions antérieures à 1.6.6 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.77.x | ||
| VMware | Services Suite | Platform Automation Toolkit versions antérieures à 5.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9 | ||
| VMware | Tanzu Kubernetes Runtime | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9 | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Ruby Buildpack versions antérieures à 1.10.46 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.103.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GenAI sur Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.90.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.58",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.63",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour MySQL sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "API Gateway pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.49",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.14",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Service Broker versions ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.13",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.77.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.3.2",
"product": {
"name": "Services Suite",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow pour VMware Tanzu versions ant\u00e9rieures \u00e0 1.14.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services pour VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.10",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Concourse pour VMware Tanzu versions ant\u00e9rieures \u00e0 7.14.1+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Ruby Buildpack versions ant\u00e9rieures \u00e0 1.10.46",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.103.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2022-25308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25308"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-27102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27102"
},
{
"name": "CVE-2022-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2017-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6834"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3428"
},
{
"name": "CVE-2021-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3933"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
},
{
"name": "CVE-2021-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23215"
},
{
"name": "CVE-2022-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1115"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21798"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2023-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3195"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2021-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20243"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2014-9157",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9157"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2021-26260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26260"
},
{
"name": "CVE-2023-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0922"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2017-18250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18250"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-40002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40002"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2020-27769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27769"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2014-9748",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9748"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2022-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1623"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-38829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38829"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2017-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6831"
},
{
"name": "CVE-2024-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58034"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2023-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38471"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2020-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27776"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21743"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2023-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34475"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12380"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2022-2929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2929"
},
{
"name": "CVE-2018-15120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15120"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4287"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3605"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2017-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10928"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2017-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12429"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2023-2157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2157"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-58082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58082"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2023-24757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31683"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2017-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6832"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2024-45720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45720"
},
{
"name": "CVE-2022-1056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1056"
},
{
"name": "CVE-2018-10805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10805"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2020-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15095"
},
{
"name": "CVE-2018-16328",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16328"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5745"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2022-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2022-32546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32546"
},
{
"name": "CVE-2025-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0838"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2025-55553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55553"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2021-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4219"
},
{
"name": "CVE-2018-15798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15798"
},
{
"name": "CVE-2025-55154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55154"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2017-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11447"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2023-39593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39593"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-46569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46569"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2018-14434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14434"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2021-3468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3468"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-58061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58061"
},
{
"name": "CVE-2025-46148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46148"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2149"
},
{
"name": "CVE-2021-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3502"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2018-16329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16329"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58056"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2024-43790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43790"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2025-21727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21727"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2021-20312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20312"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2023-52593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52593"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2023-26785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26785"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3000"
},
{
"name": "CVE-2022-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3213"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2025-38500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38500"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8961"
},
{
"name": "CVE-2025-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21977"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-38203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38203"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2022-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0909"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2023-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38633"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2021-46312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46312"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2019-6461",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6461"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2022-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2023-45922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45922"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2025-40004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40004"
},
{
"name": "CVE-2017-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7619"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-24070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2019-17547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17547"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2021-36411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2018-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10919"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-53014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53014"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2018-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10804"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2022-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0907"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3670"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2020-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25663"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58057"
},
{
"name": "CVE-2025-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0306"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2023-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1355"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37967"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2025-55560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55560"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-59842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59842"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-27766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27766"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2024-58078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58078"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2023-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34153"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2020-14153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14153"
},
{
"name": "CVE-2022-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1114"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2011-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2207"
},
{
"name": "CVE-2025-54874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21830"
},
{
"name": "CVE-2018-12600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12600"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-9340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9340"
},
{
"name": "CVE-2023-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2016-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7531"
},
{
"name": "CVE-2006-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3082"
},
{
"name": "CVE-2023-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5341"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3262"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2016-10062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10062"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2023-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34152"
},
{
"name": "CVE-2022-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2022-43242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2019-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14844"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21982"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21828"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2022-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0865"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2016-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7514"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2025-9092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9092"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2021-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3598"
},
{
"name": "CVE-2025-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21880"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-55197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55197"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55558"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21809"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2021-32490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32490"
},
{
"name": "CVE-2020-27768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27768"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2016-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5118"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-46045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46045"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-55557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55557"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2999"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2021-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2020-10251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10251"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2020-18781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18781"
},
{
"name": "CVE-2025-7709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7709"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-9640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2017-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6829"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21911"
},
{
"name": "CVE-2023-24752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2018-9133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9133"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2021-36410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2024-58003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58003"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21741"
},
{
"name": "CVE-2020-18032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18032"
},
{
"name": "CVE-2017-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6833"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-58076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58076"
},
{
"name": "CVE-2023-24751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21720"
},
{
"name": "CVE-2025-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"
},
{
"name": "CVE-2015-7747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7747"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2025-55004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55004"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2023-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21711"
},
{
"name": "CVE-2025-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2998"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2021-20313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20313"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2023-45913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45913"
},
{
"name": "CVE-2018-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13153"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2023-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34474"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38227"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2021-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45931"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2021-28544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2025-32728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32728"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2021-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44964"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2018-14437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14437"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2021-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3596"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2024-57883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2017-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6830"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-21748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21748"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2021-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46310"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2020-14152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14152"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9390"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2019-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9904"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1981"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-2231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2231"
},
{
"name": "CVE-2025-46150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46150"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2023-28120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2020-35492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35492"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2023-1289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1289"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-9341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9341"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2018-16412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16412"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2019-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6462"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2021-32493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32493"
},
{
"name": "CVE-2023-24754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
},
{
"name": "CVE-2020-29509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29509"
},
{
"name": "CVE-2023-5568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5568"
},
{
"name": "CVE-2023-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38470"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2025-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38237"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2024-57990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57990"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-49582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-32491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32491"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0924"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2022-33068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33068"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38206"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2016-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20012"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2019-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3792"
},
{
"name": "CVE-2022-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40017"
},
{
"name": "CVE-2023-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45919"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2018-15607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15607"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3001"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-32545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32545"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-21820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21820"
},
{
"name": "CVE-2017-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6838"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-41817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41817"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6835"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2024-57997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57997"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-31782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31782"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2022-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2025-53019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53019"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53367"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2021-45942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45942"
},
{
"name": "CVE-2022-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2021-20246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20246"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2023-24755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-21804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21804"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2017-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6837"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-22011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22011"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
},
{
"name": "CVE-2023-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0614"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2020-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21606"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38617"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2148"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2023-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38469"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2016-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5841"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53101"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2022-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44267"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2019-8321",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8321"
},
{
"name": "CVE-2025-21826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21826"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2025-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46393"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2021-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0561"
},
{
"name": "CVE-2018-12599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12599"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2022-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1587"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0284"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2024-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58016"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21903"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1667"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2022-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
},
{
"name": "CVE-2025-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3121"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-46149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46149"
},
{
"name": "CVE-2021-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26945"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-46152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46152"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28463"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2018-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3779"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1355"
},
{
"name": "CVE-2025-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47291"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21810"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2021-24031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24031"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-46153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46153"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"name": "CVE-2021-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38115"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2021-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20309"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38472"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2017-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12643"
},
{
"name": "CVE-2024-57953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57953"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2021-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26720"
},
{
"name": "CVE-2025-54801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54801"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2023-24756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2016-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4074"
},
{
"name": "CVE-2024-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0746"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2022-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33099"
},
{
"name": "CVE-2023-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45931"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26775"
},
{
"name": "CVE-2022-25309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25309"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-55212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55212"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2022-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32547"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2018-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11655"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2928"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-57803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57803"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2020-29511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29511"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21742"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2017-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16231"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2017-9409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9409"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2024-43168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-46901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46901"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-43167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2021-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40211"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2020-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0499"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3136"
},
{
"name": "CVE-2025-55160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55160"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2022-48703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30699"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2023-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2426"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2021-20176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20176"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-55298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55298"
},
{
"name": "CVE-2022-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-43965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43965"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2021-36408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"name": "CVE-2017-18253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18253"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2021-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3610"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2022-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38473"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-52099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52099"
},
{
"name": "CVE-2023-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43887"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2022-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2598"
},
{
"name": "CVE-2020-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27829"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2017-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6839"
},
{
"name": "CVE-2023-1906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1906"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-47471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47471"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2022-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1771"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2021-32492",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32492"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-55005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55005"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-40015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40015"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2025-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21829"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2018-16645",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16645"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-40007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40007"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-38273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38273"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2022-2719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2719"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2023-34151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34151"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2021-43809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43809"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2015-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1606"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2023-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3896"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2020-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21599"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39978"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2021-20311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20311"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2021-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20241"
},
{
"name": "CVE-2017-12674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12674"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-62171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62171"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2025-50950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50950"
},
{
"name": "CVE-2020-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21605"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2017-1000476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000476"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2015-8863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8863"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2018-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11656"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2018-19876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19876"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-20310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20310"
},
{
"name": "CVE-2021-20245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20245"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2023-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2025-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38204"
},
{
"name": "CVE-2021-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40812"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2018-9135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9135"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2021-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2017-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12433"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2021-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3574"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-58006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58006"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21815"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2017-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6836"
},
{
"name": "CVE-2021-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3500"
},
{
"name": "CVE-2022-25310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25310"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2025-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57807"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2024-58080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58080"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31498"
},
{
"name": "CVE-2022-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30698"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2021-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20244"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-11411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3941"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0969",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36320",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36320"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36423",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36423"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36364"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36351"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36424",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36424"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36412",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36412"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36388",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36388"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36426",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36426"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36411",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36411"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36357",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36357"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36408",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36408"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36349",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36349"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36414",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36414"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36397",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36397"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36389",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36389"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36398",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36398"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36380",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36380"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36407"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36362",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36362"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36413",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36413"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36384",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36384"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36379",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36379"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36400",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36400"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36377",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36377"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36368",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36368"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36418",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36418"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36420",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36420"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36391",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36391"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36392",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36392"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36353",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36353"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-14",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36356"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36422",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36422"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36381",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36381"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36421",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36421"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36416",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36416"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-86",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36415"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36403",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36403"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36347",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36347"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36383",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36383"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36410",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36410"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36352",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36352"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36394",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36394"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36354",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36354"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36399",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36399"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36350"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36419",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36419"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-85",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36401"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36365"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36405"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36367"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36395",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36395"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36387",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36387"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36363",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36363"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36385",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36385"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36409",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36409"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36359"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36348",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36348"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36386",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36386"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36417",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36417"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36425",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36425"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36366"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36360"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36355",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36355"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36358"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36396",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36396"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36378",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36378"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36382",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36382"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36404"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36361"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36402",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36402"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36393",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36393"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36406",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36406"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36390"
}
]
}
CERTFR-2025-AVI-1079
Vulnerability from certfr_avis - Published: 2025-12-09 - Updated: 2025-12-09
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAPUI5 framework | SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de sécurité | ||
| SAP | BusinessObjects | Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
| SAP | Web Dispatcher, Internet Communication Manager et Content Server | Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité | ||
| SAP | jConnect | jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité | ||
| SAP | Enterprise Search pour ABAP | Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | Web Dispatcher et Internet Communication Manager (ICM) | Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA | S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | Business Objects Business Intelligence Platform | Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | Solution Manager | Solution Manager version ST 720 sans le dernier correctif de sécurité | ||
| SAP | Application Server ABAP | Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAPUI5 framework",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "BusinessObjects",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Web Dispatcher, Internet Communication Manager et Content Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "jConnect",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Enterprise Search pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Web Dispatcher et Internet Communication Manager (ICM)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Solution Manager version ST 720 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Solution Manager",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Application Server ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42875"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-42904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42904"
},
{
"name": "CVE-2025-42891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42891"
},
{
"name": "CVE-2025-42877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42877"
},
{
"name": "CVE-2025-42880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42880"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-42874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42874"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-42873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42873"
},
{
"name": "CVE-2025-42878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42878"
},
{
"name": "CVE-2025-42876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42876"
},
{
"name": "CVE-2025-42872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42872"
},
{
"name": "CVE-2025-42928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42928"
},
{
"name": "CVE-2025-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42896"
}
],
"initial_release_date": "2025-12-09T00:00:00",
"last_revision_date": "2025-12-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1079",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP december-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html"
}
]
}
CERTFR-2026-AVI-0322
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu GemFire C++ et .NET Framework Clients versions antérieures à 10.4.8 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu GemFire Session Management versions antérieures à 1.1.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire Search versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu GemFire sur Kubernetes versions antérieures à 2.6.2 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.0.8 | ||
| VMware | Tanzu | Tanzu GemFire Vector Database versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu Data Flow sur Kubernetes versions antérieures à 2.0.4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire C++ et .NET Framework Clients versions ant\u00e9rieures \u00e0 10.4.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Session Management versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Search versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire sur Kubernetes versions ant\u00e9rieures \u00e0 2.6.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.0.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow sur Kubernetes versions ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2026-25518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25518"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37257",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37257"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37260",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37260"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37259",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37259"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37255",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37255"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37253",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37253"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37262",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37262"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37251",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37251"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37252",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37252"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37261",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37261"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37256",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37256"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37248",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37248"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37258",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37258"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37250",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37250"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37254",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37254"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37249",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37249"
}
]
}
CERTFR-2025-AVI-0969
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.90.x | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.58 | ||
| VMware | Tanzu Kubernetes Runtime | Python Buildpack versions antérieures à 1.8.63 | ||
| VMware | Tanzu Kubernetes Runtime | VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Kubernetes Runtime | API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | Tanzu Kubernetes Runtime | PHP Buildpack versions antérieures à 4.6.49 | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x | ||
| VMware | Tanzu Application Service | CredHub Service Broker versions antérieures à 1.6.6 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.77.x | ||
| VMware | Services Suite | Platform Automation Toolkit versions antérieures à 5.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9 | ||
| VMware | Tanzu Kubernetes Runtime | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9 | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Ruby Buildpack versions antérieures à 1.10.46 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.103.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GenAI sur Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.90.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.58",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.63",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour MySQL sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "API Gateway pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.49",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.14",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Service Broker versions ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.13",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.77.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.3.2",
"product": {
"name": "Services Suite",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow pour VMware Tanzu versions ant\u00e9rieures \u00e0 1.14.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services pour VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.10",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Concourse pour VMware Tanzu versions ant\u00e9rieures \u00e0 7.14.1+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Ruby Buildpack versions ant\u00e9rieures \u00e0 1.10.46",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.103.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2022-25308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25308"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-27102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27102"
},
{
"name": "CVE-2022-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2017-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6834"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3428"
},
{
"name": "CVE-2021-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3933"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
},
{
"name": "CVE-2021-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23215"
},
{
"name": "CVE-2022-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1115"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21798"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2023-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3195"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2021-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20243"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2014-9157",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9157"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2021-26260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26260"
},
{
"name": "CVE-2023-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0922"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2017-18250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18250"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-40002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40002"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2020-27769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27769"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2014-9748",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9748"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2022-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1623"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-38829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38829"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2017-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6831"
},
{
"name": "CVE-2024-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58034"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2023-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38471"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2020-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27776"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21743"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2023-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34475"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12380"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2022-2929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2929"
},
{
"name": "CVE-2018-15120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15120"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4287"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3605"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2017-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10928"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2017-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12429"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2023-2157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2157"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-58082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58082"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2023-24757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31683"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2017-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6832"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2024-45720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45720"
},
{
"name": "CVE-2022-1056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1056"
},
{
"name": "CVE-2018-10805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10805"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2020-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15095"
},
{
"name": "CVE-2018-16328",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16328"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5745"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2022-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2022-32546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32546"
},
{
"name": "CVE-2025-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0838"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2025-55553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55553"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2021-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4219"
},
{
"name": "CVE-2018-15798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15798"
},
{
"name": "CVE-2025-55154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55154"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2017-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11447"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2023-39593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39593"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-46569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46569"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2018-14434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14434"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2021-3468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3468"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-58061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58061"
},
{
"name": "CVE-2025-46148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46148"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2149"
},
{
"name": "CVE-2021-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3502"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2018-16329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16329"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58056"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2024-43790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43790"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2025-21727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21727"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2021-20312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20312"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2023-52593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52593"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2023-26785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26785"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3000"
},
{
"name": "CVE-2022-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3213"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2025-38500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38500"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8961"
},
{
"name": "CVE-2025-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21977"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-38203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38203"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2022-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0909"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2023-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38633"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2021-46312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46312"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2019-6461",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6461"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2022-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2023-45922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45922"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2025-40004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40004"
},
{
"name": "CVE-2017-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7619"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-24070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2019-17547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17547"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2021-36411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2018-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10919"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-53014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53014"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2018-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10804"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2022-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0907"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3670"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2020-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25663"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58057"
},
{
"name": "CVE-2025-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0306"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2023-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1355"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37967"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2025-55560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55560"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-59842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59842"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-27766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27766"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2024-58078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58078"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2023-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34153"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2020-14153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14153"
},
{
"name": "CVE-2022-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1114"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2011-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2207"
},
{
"name": "CVE-2025-54874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21830"
},
{
"name": "CVE-2018-12600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12600"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-9340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9340"
},
{
"name": "CVE-2023-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2016-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7531"
},
{
"name": "CVE-2006-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3082"
},
{
"name": "CVE-2023-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5341"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3262"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2016-10062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10062"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2023-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34152"
},
{
"name": "CVE-2022-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2022-43242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2019-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14844"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21982"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21828"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2022-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0865"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2016-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7514"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2025-9092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9092"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2021-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3598"
},
{
"name": "CVE-2025-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21880"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-55197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55197"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55558"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21809"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2021-32490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32490"
},
{
"name": "CVE-2020-27768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27768"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2016-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5118"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-46045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46045"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-55557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55557"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2999"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2021-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2020-10251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10251"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2020-18781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18781"
},
{
"name": "CVE-2025-7709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7709"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-9640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2017-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6829"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21911"
},
{
"name": "CVE-2023-24752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2018-9133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9133"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2021-36410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2024-58003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58003"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21741"
},
{
"name": "CVE-2020-18032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18032"
},
{
"name": "CVE-2017-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6833"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-58076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58076"
},
{
"name": "CVE-2023-24751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21720"
},
{
"name": "CVE-2025-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"
},
{
"name": "CVE-2015-7747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7747"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2025-55004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55004"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2023-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21711"
},
{
"name": "CVE-2025-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2998"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2021-20313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20313"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2023-45913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45913"
},
{
"name": "CVE-2018-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13153"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2023-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34474"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38227"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2021-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45931"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2021-28544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2025-32728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32728"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2021-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44964"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2018-14437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14437"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2021-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3596"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2024-57883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2017-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6830"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-21748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21748"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2021-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46310"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2020-14152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14152"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9390"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2019-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9904"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1981"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-2231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2231"
},
{
"name": "CVE-2025-46150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46150"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2023-28120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2020-35492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35492"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2023-1289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1289"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-9341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9341"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2018-16412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16412"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2019-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6462"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2021-32493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32493"
},
{
"name": "CVE-2023-24754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
},
{
"name": "CVE-2020-29509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29509"
},
{
"name": "CVE-2023-5568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5568"
},
{
"name": "CVE-2023-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38470"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2025-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38237"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2024-57990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57990"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-49582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-32491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32491"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0924"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2022-33068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33068"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38206"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2016-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20012"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2019-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3792"
},
{
"name": "CVE-2022-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40017"
},
{
"name": "CVE-2023-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45919"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2018-15607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15607"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3001"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-32545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32545"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-21820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21820"
},
{
"name": "CVE-2017-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6838"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-41817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41817"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6835"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2024-57997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57997"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-31782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31782"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2022-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2025-53019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53019"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53367"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2021-45942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45942"
},
{
"name": "CVE-2022-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2021-20246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20246"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2023-24755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-21804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21804"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2017-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6837"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-22011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22011"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
},
{
"name": "CVE-2023-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0614"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2020-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21606"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38617"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2148"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2023-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38469"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2016-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5841"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53101"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2022-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44267"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2019-8321",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8321"
},
{
"name": "CVE-2025-21826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21826"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2025-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46393"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2021-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0561"
},
{
"name": "CVE-2018-12599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12599"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2022-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1587"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0284"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2024-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58016"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21903"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1667"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2022-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
},
{
"name": "CVE-2025-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3121"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-46149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46149"
},
{
"name": "CVE-2021-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26945"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-46152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46152"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28463"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2018-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3779"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1355"
},
{
"name": "CVE-2025-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47291"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21810"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2021-24031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24031"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-46153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46153"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"name": "CVE-2021-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38115"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2021-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20309"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38472"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2017-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12643"
},
{
"name": "CVE-2024-57953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57953"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2021-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26720"
},
{
"name": "CVE-2025-54801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54801"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2023-24756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2016-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4074"
},
{
"name": "CVE-2024-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0746"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2022-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33099"
},
{
"name": "CVE-2023-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45931"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26775"
},
{
"name": "CVE-2022-25309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25309"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-55212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55212"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2022-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32547"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2018-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11655"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2928"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-57803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57803"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2020-29511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29511"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21742"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2017-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16231"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2017-9409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9409"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2024-43168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-46901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46901"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-43167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2021-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40211"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2020-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0499"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3136"
},
{
"name": "CVE-2025-55160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55160"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2022-48703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30699"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2023-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2426"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2021-20176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20176"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-55298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55298"
},
{
"name": "CVE-2022-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-43965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43965"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2021-36408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"name": "CVE-2017-18253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18253"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2021-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3610"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2022-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38473"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-52099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52099"
},
{
"name": "CVE-2023-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43887"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2022-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2598"
},
{
"name": "CVE-2020-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27829"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2017-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6839"
},
{
"name": "CVE-2023-1906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1906"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-47471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47471"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2022-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1771"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2021-32492",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32492"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-55005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55005"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-40015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40015"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2025-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21829"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2018-16645",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16645"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-40007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40007"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-38273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38273"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2022-2719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2719"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2023-34151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34151"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2021-43809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43809"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2015-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1606"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2023-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3896"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2020-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21599"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39978"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2021-20311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20311"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2021-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20241"
},
{
"name": "CVE-2017-12674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12674"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-62171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62171"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2025-50950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50950"
},
{
"name": "CVE-2020-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21605"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2017-1000476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000476"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2015-8863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8863"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2018-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11656"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2018-19876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19876"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-20310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20310"
},
{
"name": "CVE-2021-20245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20245"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2023-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2025-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38204"
},
{
"name": "CVE-2021-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40812"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2018-9135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9135"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2021-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2017-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12433"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2021-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3574"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-58006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58006"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21815"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2017-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6836"
},
{
"name": "CVE-2021-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3500"
},
{
"name": "CVE-2022-25310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25310"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2025-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57807"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2024-58080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58080"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31498"
},
{
"name": "CVE-2022-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30698"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2021-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20244"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-11411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3941"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0969",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36320",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36320"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36423",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36423"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36364"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36351"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36424",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36424"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36412",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36412"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36388",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36388"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36426",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36426"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36411",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36411"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36357",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36357"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36408",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36408"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36349",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36349"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36414",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36414"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36397",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36397"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36389",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36389"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36398",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36398"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36380",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36380"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36407"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36362",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36362"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36413",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36413"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36384",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36384"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36379",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36379"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36400",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36400"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36377",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36377"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36368",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36368"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36418",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36418"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36420",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36420"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36391",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36391"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36392",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36392"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36353",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36353"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-14",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36356"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36422",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36422"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36381",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36381"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36421",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36421"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36416",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36416"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-86",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36415"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36403",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36403"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36347",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36347"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36383",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36383"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36410",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36410"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36352",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36352"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36394",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36394"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36354",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36354"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36399",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36399"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36350"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36419",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36419"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-85",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36401"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36365"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36405"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36367"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36395",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36395"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36387",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36387"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36363",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36363"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36385",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36385"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36409",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36409"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36359"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36348",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36348"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36386",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36386"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36417",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36417"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36425",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36425"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36366"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36360"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36355",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36355"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36358"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36396",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36396"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36378",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36378"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36382",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36382"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36404"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36361"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36402",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36402"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36393",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36393"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36406",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36406"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36390"
}
]
}
CERTFR-2025-AVI-1079
Vulnerability from certfr_avis - Published: 2025-12-09 - Updated: 2025-12-09
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAPUI5 framework | SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de sécurité | ||
| SAP | BusinessObjects | Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
| SAP | Web Dispatcher, Internet Communication Manager et Content Server | Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité | ||
| SAP | jConnect | jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité | ||
| SAP | Enterprise Search pour ABAP | Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | Web Dispatcher et Internet Communication Manager (ICM) | Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA | S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | Business Objects Business Intelligence Platform | Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | Solution Manager | Solution Manager version ST 720 sans le dernier correctif de sécurité | ||
| SAP | Application Server ABAP | Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAPUI5 framework",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "BusinessObjects",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Web Dispatcher, Internet Communication Manager et Content Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "jConnect",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Enterprise Search pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Web Dispatcher et Internet Communication Manager (ICM)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Solution Manager version ST 720 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Solution Manager",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Application Server ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42875"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-42904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42904"
},
{
"name": "CVE-2025-42891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42891"
},
{
"name": "CVE-2025-42877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42877"
},
{
"name": "CVE-2025-42880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42880"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-42874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42874"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-42873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42873"
},
{
"name": "CVE-2025-42878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42878"
},
{
"name": "CVE-2025-42876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42876"
},
{
"name": "CVE-2025-42872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42872"
},
{
"name": "CVE-2025-42928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42928"
},
{
"name": "CVE-2025-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42896"
}
],
"initial_release_date": "2025-12-09T00:00:00",
"last_revision_date": "2025-12-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1079",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP december-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html"
}
]
}
CERTFR-2026-AVI-0281
Vulnerability from certfr_avis - Published: 2026-03-12 - Updated: 2026-03-12
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk AppDynamics On-Premises Enterprise Console | Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x antérieures à 26.1.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.12 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.124 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.1 | ||
| Splunk | Splunk AppDynamics NodeJS Agent | Splunk AppDynamics NodeJS Agent versions 25.12.x antérieures à 25.12.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.4 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.10 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.17 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk AppDynamics Private Synthetic Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x ant\u00e9rieures \u00e0 26.1.1",
"product": {
"name": "Splunk AppDynamics On-Premises Enterprise Console",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.12",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.124",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics NodeJS Agent versions 25.12.x ant\u00e9rieures \u00e0 25.12.1",
"product": {
"name": "Splunk AppDynamics NodeJS Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.10",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.17",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.7",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2018-16864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16864"
},
{
"name": "CVE-2025-48073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48073"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-11219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11219"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1594"
},
{
"name": "CVE-2025-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3887"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-4574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4574"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12433"
},
{
"name": "CVE-2025-12444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12444"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2025-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11213"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-12036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12036"
},
{
"name": "CVE-2012-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0871"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2025-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0518"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-12438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12438"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2025-12435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12435"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2013-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4394"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2025-64183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64183"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-47808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47808"
},
{
"name": "CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2017-18078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18078"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2025-11207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11207"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2025-13223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13223"
},
{
"name": "CVE-2025-12431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12431"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2026-21226",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21226"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12445"
},
{
"name": "CVE-2025-12437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12437"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-69230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69230"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-0716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0716"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-12434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12434"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-12439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12439"
},
{
"name": "CVE-2018-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16865"
},
{
"name": "CVE-2025-14874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14874"
},
{
"name": "CVE-2020-17521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2025-48072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48072"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-12432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12432"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2026-20165",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20165"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-22919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22919"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-12443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12443"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-6602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6602"
},
{
"name": "CVE-2025-11215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11215"
},
{
"name": "CVE-2013-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4393"
},
{
"name": "CVE-2019-3842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
},
{
"name": "CVE-2025-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11205"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2025-11208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11208"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-8372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8372"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11756"
},
{
"name": "CVE-2025-59730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59730"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2025-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11212"
},
{
"name": "CVE-2025-12495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12495"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2025-12840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12840"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-11458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11458"
},
{
"name": "CVE-2020-1712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12429"
},
{
"name": "CVE-2026-20164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20164"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-11211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11211"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2025-47807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47807"
},
{
"name": "CVE-2025-47806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47806"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-64182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64182"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2023-6604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6604"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2017-9217",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9217"
},
{
"name": "CVE-2025-60753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
},
{
"name": "CVE-2025-64181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64181"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-12436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12436"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2013-4327",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4327"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-12446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12446"
},
{
"name": "CVE-2025-13228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13228"
},
{
"name": "CVE-2013-4391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4391"
},
{
"name": "CVE-2026-20166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20166"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-12441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12441"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-47183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47183"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-6601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6601"
},
{
"name": "CVE-2018-16888",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13224"
},
{
"name": "CVE-2025-13042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13042"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2025-11460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11460"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-13229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13229"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2025-12440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12440"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-11216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11216"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2018-1049",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1049"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-11210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11210"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-10256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10256"
},
{
"name": "CVE-2026-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20162"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-12839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12839"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2019-3844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3844"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2023-6605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6605"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2025-12430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12430"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-11206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11206"
},
{
"name": "CVE-2025-62408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62408"
},
{
"name": "CVE-2018-15686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-9951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9951"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2025-59729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59729"
},
{
"name": "CVE-2025-48071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48071"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2025-69224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69224"
},
{
"name": "CVE-2025-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2759"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2024-8373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8373"
},
{
"name": "CVE-2025-11209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11209"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21490"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-49501",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49501"
},
{
"name": "CVE-2019-3843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3843"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2026-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26981"
},
{
"name": "CVE-2025-12447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12447"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2013-4392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4392"
},
{
"name": "CVE-2025-48074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48074"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2016-7795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7795"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-12428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12428"
},
{
"name": "CVE-2026-20163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20163"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2026-03-12T00:00:00",
"last_revision_date": "2026-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0281",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0302",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0311",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0311"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0308",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0308"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0309",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0309"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0305",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0305"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0310",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0310"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0304",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0304"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0301",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0301"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0313",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0313"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0306",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0306"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0303",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0303"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0307",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0307"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0312",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0312"
}
]
}
CERTFR-2026-AVI-0395
Vulnerability from certfr_avis - Published: 2026-04-03 - Updated: 2026-04-03
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de sécurité PH70422 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 IF01 | ||
| IBM | WebSphere Automation | WebSphere Automation versions antérieures à 1.12.0 | ||
| IBM | Storage Protect | Storage Protect Plus Server versions 10.1.x antérieures à 10.1.18 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de s\u00e9curit\u00e9 PH70422",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP15 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.12.0",
"product": {
"name": "WebSphere Automation",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.18",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2025-40064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2021-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2023-3006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
},
{
"name": "CVE-2026-27205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
},
{
"name": "CVE-2017-18342",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18342"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2022-2255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2255"
},
{
"name": "CVE-2019-20477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2024-43898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43898"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2021-44568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44568"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2021-33929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2024-5629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
},
{
"name": "CVE-2021-28957",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2021-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
},
{
"name": "CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2025-71085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71085"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2021-33928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
},
{
"name": "CVE-2022-48565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2019-11340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11340"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2026-23001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23001"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2024-42294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42294"
},
{
"name": "CVE-2021-33930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2019-18874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-20270",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20270"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-36880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36880"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2024-43820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43820"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2025-14847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14847"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2024-42321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
},
{
"name": "CVE-2024-52317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
},
{
"name": "CVE-2026-23097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23097"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2019-7548",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7548"
},
{
"name": "CVE-2020-14422",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14422"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2021-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2025-68800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
},
{
"name": "CVE-2021-27291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27291"
},
{
"name": "CVE-2019-7164",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7164"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2026-04-03T00:00:00",
"last_revision_date": "2026-04-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0395",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7268179",
"url": "https://www.ibm.com/support/pages/node/7268179"
},
{
"published_at": "2026-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7267689",
"url": "https://www.ibm.com/support/pages/node/7267689"
},
{
"published_at": "2026-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7268331",
"url": "https://www.ibm.com/support/pages/node/7268331"
},
{
"published_at": "2026-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7267801",
"url": "https://www.ibm.com/support/pages/node/7267801"
}
]
}
CERTFR-2026-AVI-0112
Vulnerability from certfr_avis - Published: 2026-02-02 - Updated: 2026-02-02
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.7 | ||
| VMware | Tanzu Kubernetes Grid Integrated Edition | Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console versions antérieures à 1.24.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.7+LTS-T | ||
| VMware | N/A | NodeJS Buildpack versions antérieures à 1.8.74 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.3 | ||
| VMware | Tanzu Platform | Telemetry pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | N/A | Platform Automation Toolkit versions antérieures à 5.4.0 | ||
| VMware | N/A | VMware Harbor Registry versions antérieures à 2.14.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console versions ant\u00e9rieures \u00e0 1.24.0",
"product": {
"name": "Tanzu Kubernetes Grid Integrated Edition",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.7+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.74",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Harbor Registry versions ant\u00e9rieures \u00e0 2.14.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2026-24882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24882"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-55198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55198"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
},
{
"name": "CVE-2022-49390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49390"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2023-34231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-14762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14762"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-55199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55199"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-11414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2026-24883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24883"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-6966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6966"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-8959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8959"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-40018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2025-67499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67499"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-11413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-23419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23419"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-11412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
},
{
"name": "CVE-2026-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-47220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47220"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2026-1489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"name": "CVE-2026-24881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24881"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11494"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-02-02T00:00:00",
"last_revision_date": "2026-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0112",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36902",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36902"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36908",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36908"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36897",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36897"
},
{
"published_at": "2026-02-01",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36912",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36912"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36904",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36904"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36900",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36900"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36903",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36903"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36909",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36909"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36899",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36899"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36906",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36906"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36907",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36907"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36901",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36901"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36905",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36905"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36898",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36898"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36910",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36910"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36911",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36911"
}
]
}
CERTFR-2026-AVI-0112
Vulnerability from certfr_avis - Published: 2026-02-02 - Updated: 2026-02-02
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.7 | ||
| VMware | Tanzu Kubernetes Grid Integrated Edition | Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console versions antérieures à 1.24.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.7+LTS-T | ||
| VMware | N/A | NodeJS Buildpack versions antérieures à 1.8.74 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.3 | ||
| VMware | Tanzu Platform | Telemetry pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | N/A | Platform Automation Toolkit versions antérieures à 5.4.0 | ||
| VMware | N/A | VMware Harbor Registry versions antérieures à 2.14.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console versions ant\u00e9rieures \u00e0 1.24.0",
"product": {
"name": "Tanzu Kubernetes Grid Integrated Edition",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.7+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.74",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Harbor Registry versions ant\u00e9rieures \u00e0 2.14.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2026-24882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24882"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-55198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55198"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
},
{
"name": "CVE-2022-49390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49390"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2023-34231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-14762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14762"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-55199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55199"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-11414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2026-24883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24883"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-6966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6966"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-8959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8959"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-40018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2025-67499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67499"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-11413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-23419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23419"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-11412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
},
{
"name": "CVE-2026-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-47220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47220"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2026-1489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"name": "CVE-2026-24881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24881"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11494"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-02-02T00:00:00",
"last_revision_date": "2026-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0112",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36902",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36902"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36908",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36908"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36897",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36897"
},
{
"published_at": "2026-02-01",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36912",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36912"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36904",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36904"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36900",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36900"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36903",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36903"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36909",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36909"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36899",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36899"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36906",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36906"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36907",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36907"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36901",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36901"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36905",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36905"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36898",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36898"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36910",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36910"
},
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36911",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36911"
}
]
}
SUSE-SU-2026:1058-1
Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash
(bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1058-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216182",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "self",
"summary": "SUSE Bug 1243895",
"url": "https://bugzilla.suse.com/1243895"
},
{
"category": "self",
"summary": "SUSE Bug 1246318",
"url": "https://bugzilla.suse.com/1246318"
},
{
"category": "self",
"summary": "SUSE Bug 1246389",
"url": "https://bugzilla.suse.com/1246389"
},
{
"category": "self",
"summary": "SUSE Bug 1258371",
"url": "https://bugzilla.suse.com/1258371"
},
{
"category": "self",
"summary": "SUSE Bug 1258385",
"url": "https://bugzilla.suse.com/1258385"
},
{
"category": "self",
"summary": "SUSE Bug 1259224",
"url": "https://bugzilla.suse.com/1259224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13934 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13935 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13943 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17527 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25329 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23181 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42252 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24549 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52434 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24733/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-03-26T09:46:45Z",
"generator": {
"date": "2026-03-26T09:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1058-1",
"initial_release_date": "2026-03-26T09:46:45Z",
"revision_history": [
{
"date": "2026-03-26T09:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-9.0.115-3.160.1.noarch",
"product_id": "tomcat-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13934"
}
],
"notes": [
{
"category": "general",
"text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13934",
"url": "https://www.suse.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "SUSE Bug 1174121 for CVE-2020-13934",
"url": "https://bugzilla.suse.com/1174121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13935"
}
],
"notes": [
{
"category": "general",
"text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13935",
"url": "https://www.suse.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "SUSE Bug 1174117 for CVE-2020-13935",
"url": "https://bugzilla.suse.com/1174117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13943"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13943",
"url": "https://www.suse.com/security/cve/CVE-2020-13943"
},
{
"category": "external",
"summary": "SUSE Bug 1177582 for CVE-2020-13943",
"url": "https://bugzilla.suse.com/1177582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-17527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17527"
}
],
"notes": [
{
"category": "general",
"text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17527",
"url": "https://www.suse.com/security/cve/CVE-2020-17527"
},
{
"category": "external",
"summary": "SUSE Bug 1179602 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1179602"
},
{
"category": "external",
"summary": "SUSE Bug 1180830 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1180830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-17527"
},
{
"cve": "CVE-2021-24122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24122"
}
],
"notes": [
{
"category": "general",
"text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24122",
"url": "https://www.suse.com/security/cve/CVE-2021-24122"
},
{
"category": "external",
"summary": "SUSE Bug 1180947 for CVE-2021-24122",
"url": "https://bugzilla.suse.com/1180947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25122"
}
],
"notes": [
{
"category": "general",
"text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25122",
"url": "https://www.suse.com/security/cve/CVE-2021-25122"
},
{
"category": "external",
"summary": "SUSE Bug 1182912 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1182912"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25329"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25329",
"url": "https://www.suse.com/security/cve/CVE-2021-25329"
},
{
"category": "external",
"summary": "SUSE Bug 1182909 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1182909"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30640",
"url": "https://www.suse.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "SUSE Bug 1188279 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1188279"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33037"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33037",
"url": "https://www.suse.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "SUSE Bug 1188278 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1188278"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41079"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41079",
"url": "https://www.suse.com/security/cve/CVE-2021-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1190558 for CVE-2021-41079",
"url": "https://bugzilla.suse.com/1190558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-43980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43980"
}
],
"notes": [
{
"category": "general",
"text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43980",
"url": "https://www.suse.com/security/cve/CVE-2021-43980"
},
{
"category": "external",
"summary": "SUSE Bug 1203868 for CVE-2021-43980",
"url": "https://bugzilla.suse.com/1203868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-23181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23181"
}
],
"notes": [
{
"category": "general",
"text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23181",
"url": "https://www.suse.com/security/cve/CVE-2022-23181"
},
{
"category": "external",
"summary": "SUSE Bug 1195255 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1195255"
},
{
"category": "external",
"summary": "SUSE Bug 1196395 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1196395"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-42252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42252"
}
],
"notes": [
{
"category": "general",
"text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42252",
"url": "https://www.suse.com/security/cve/CVE-2022-42252"
},
{
"category": "external",
"summary": "SUSE Bug 1204918 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1204918"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45468"
}
],
"notes": [
{
"category": "general",
"text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45468",
"url": "https://www.suse.com/security/cve/CVE-2023-45468"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2023-45468",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-45468"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21733"
}
],
"notes": [
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21733",
"url": "https://www.suse.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1219023 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1219023"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-21733"
},
{
"cve": "CVE-2024-23672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23672"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23672",
"url": "https://www.suse.com/security/cve/CVE-2024-23672"
},
{
"category": "external",
"summary": "SUSE Bug 1221385 for CVE-2024-23672",
"url": "https://bugzilla.suse.com/1221385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24549"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24549",
"url": "https://www.suse.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "SUSE Bug 1221386 for CVE-2024-24549",
"url": "https://bugzilla.suse.com/1221386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-34750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34750"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34750",
"url": "https://www.suse.com/security/cve/CVE-2024-34750"
},
{
"category": "external",
"summary": "SUSE Bug 1227399 for CVE-2024-34750",
"url": "https://bugzilla.suse.com/1227399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38286"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38286",
"url": "https://www.suse.com/security/cve/CVE-2024-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1230986 for CVE-2024-38286",
"url": "https://bugzilla.suse.com/1230986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52316"
}
],
"notes": [
{
"category": "general",
"text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52316",
"url": "https://www.suse.com/security/cve/CVE-2024-52316"
},
{
"category": "external",
"summary": "SUSE Bug 1233434 for CVE-2024-52316",
"url": "https://bugzilla.suse.com/1233434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "critical"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2025-24813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24813"
}
],
"notes": [
{
"category": "general",
"text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat\u0027s file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24813",
"url": "https://www.suse.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "SUSE Bug 1239302 for CVE-2025-24813",
"url": "https://bugzilla.suse.com/1239302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46701"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46701",
"url": "https://www.suse.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "SUSE Bug 1243815 for CVE-2025-46701",
"url": "https://bugzilla.suse.com/1243815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-48988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48988"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48988",
"url": "https://www.suse.com/security/cve/CVE-2025-48988"
},
{
"category": "external",
"summary": "SUSE Bug 1244656 for CVE-2025-48988",
"url": "https://bugzilla.suse.com/1244656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48988"
},
{
"cve": "CVE-2025-48989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48989"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48989",
"url": "https://www.suse.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1243895 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49125"
}
],
"notes": [
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49125",
"url": "https://www.suse.com/security/cve/CVE-2025-49125"
},
{
"category": "external",
"summary": "SUSE Bug 1244649 for CVE-2025-49125",
"url": "https://bugzilla.suse.com/1244649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-49125"
},
{
"cve": "CVE-2025-52434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52434"
}
],
"notes": [
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52434",
"url": "https://www.suse.com/security/cve/CVE-2025-52434"
},
{
"category": "external",
"summary": "SUSE Bug 1246389 for CVE-2025-52434",
"url": "https://bugzilla.suse.com/1246389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52520"
}
],
"notes": [
{
"category": "general",
"text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52520",
"url": "https://www.suse.com/security/cve/CVE-2025-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1246388 for CVE-2025-52520",
"url": "https://bugzilla.suse.com/1246388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53506"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53506",
"url": "https://www.suse.com/security/cve/CVE-2025-53506"
},
{
"category": "external",
"summary": "SUSE Bug 1246318 for CVE-2025-53506",
"url": "https://bugzilla.suse.com/1246318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66614"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66614",
"url": "https://www.suse.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "SUSE Bug 1258371 for CVE-2025-66614",
"url": "https://bugzilla.suse.com/1258371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2026-24733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24733"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24733",
"url": "https://www.suse.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "SUSE Bug 1258385 for CVE-2026-24733",
"url": "https://bugzilla.suse.com/1258385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2026-24733"
}
]
}
SUSE-SU-2025:4086-1
Vulnerability from csaf_suse - Published: 2025-11-12 15:02 - Updated: 2025-11-12 15:02Summary
Security update for tomcat11
Severity
Important
Notes
Title of the patch: Security update for tomcat11
Description of the patch: This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames: SUSE-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086,openSUSE-SLE-15.6-2025-4086
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086,openSUSE-SLE-15.6-2025-4086",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4086-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4086-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254086-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4086-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023270.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-12T15:02:26Z",
"generator": {
"date": "2025-11-12T15:02:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4086-1",
"initial_release_date": "2025-11-12T15:02:26Z",
"revision_history": [
{
"date": "2025-11-12T15:02:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-doc-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-embed-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-lib-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:4159-1
Vulnerability from csaf_suse - Published: 2025-11-21 14:31 - Updated: 2025-11-21 14:31Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.111:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames: SUSE-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159,SUSE-Storage-7.1-2025-4159,openSUSE-SLE-15.6-2025-4159
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n Update to Tomcat 9.0.111:\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159,SUSE-Storage-7.1-2025-4159,openSUSE-SLE-15.6-2025-4159",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4159-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4159-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254159-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4159-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023311.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-11-21T14:31:51Z",
"generator": {
"date": "2025-11-21T14:31:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4159-1",
"initial_release_date": "2025-11-21T14:31:51Z",
"revision_history": [
{
"date": "2025-11-21T14:31:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-embed-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-embed-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-javadoc-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-jsvc-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-lib-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-webapps-9.0.111-150200.96.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server LTS 4.3",
"product": {
"name": "SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server-lts:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-embed-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:4103-1
Vulnerability from csaf_suse - Published: 2025-11-14 09:56 - Updated: 2025-11-14 09:56Summary
Security update for tomcat10
Severity
Important
Notes
Title of the patch: Security update for tomcat10
Description of the patch: This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.48
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames: SUSE-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4103,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4103,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4103,openSUSE-SLE-15.6-2025-4103
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdate to Tomcat 10.1.48\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4103,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4103,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4103,openSUSE-SLE-15.6-2025-4103",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4103-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4103-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254103-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4103-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023281.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2025-11-14T09:56:37Z",
"generator": {
"date": "2025-11-14T09:56:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4103-1",
"initial_release_date": "2025-11-14T09:56:37Z",
"revision_history": [
{
"date": "2025-11-14T09:56:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-doc-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-embed-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-lib-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:21152-1
Vulnerability from csaf_suse - Published: 2025-11-27 15:47 - Updated: 2025-11-27 15:47Summary
Security update for tomcat11
Severity
Important
Notes
Title of the patch: Security update for tomcat11
Description of the patch: This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames: SUSE-SLES-16.0-72
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21152-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21152-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521152-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21152-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023508.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:47:37Z",
"generator": {
"date": "2025-11-27T15:47:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21152-1",
"initial_release_date": "2025-11-27T15:47:37Z",
"revision_history": [
{
"date": "2025-11-27T15:47:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2025:4184-1
Vulnerability from csaf_suse - Published: 2025-11-24 07:56 - Updated: 2025-11-24 07:56Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756)
Patchnames: SUSE-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4184
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753)\n- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905)\n- CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4184-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4184-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254184-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4184-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023318.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-11-24T07:56:53Z",
"generator": {
"date": "2025-11-24T07:56:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4184-1",
"initial_release_date": "2025-11-24T07:56:53Z",
"revision_history": [
{
"date": "2025-11-24T07:56:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-9.0.36-3.153.2.noarch",
"product_id": "tomcat-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.153.2.noarch",
"product_id": "tomcat-embed-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.153.2.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch",
"product_id": "tomcat-lib-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch",
"product_id": "tomcat-webapps-9.0.36-3.153.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
SUSE-SU-2026:20084-1
Vulnerability from csaf_suse - Published: 2026-01-14 13:17 - Updated: 2026-01-14 13:17Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.111
- Security fixes:
- CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat
(bsc#1252905).
- CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service
(bsc#1252756).
Patchnames: SUSE-SLES-16.0-143
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- Update to Tomcat 9.0.111\n - Security fixes:\n - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat\n (bsc#1252905).\n - CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service\n (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-143",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20084-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20084-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620084-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20084-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023815.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-01-14T13:17:56Z",
"generator": {
"date": "2026-01-14T13:17:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20084-1",
"initial_release_date": "2026-01-14T13:17:56Z",
"revision_history": [
{
"date": "2026-01-14T13:17:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-embed-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-embed-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-javadoc-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-jsvc-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-lib-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-lib-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"product_id": "tomcat-webapps-9.0.111-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-embed-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-embed-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T13:17:56Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T13:17:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.111-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.111-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T13:17:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
RHSA-2026:2740
Vulnerability from csaf_redhat - Published: 2026-02-16 18:57 - Updated: 2026-04-01 13:33Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release
Severity
Moderate
Notes
Topic: Red Hat JBoss Web Server 6.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security fix(es):
* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)
* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)
* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2740
Workaround
Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2740
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2740
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2740",
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2740.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release",
"tracking": {
"current_release_date": "2026-04-01T13:33:08+00:00",
"generator": {
"date": "2026-04-01T13:33:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:2740",
"initial_release_date": "2026-02-16T18:57:53+00:00",
"revision_history": [
{
"date": "2026-02-16T18:57:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T20:39:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-01T13:33:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 10",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el10"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el10jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat. \nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
RHSA-2026:2741
Vulnerability from csaf_redhat - Published: 2026-02-16 18:55 - Updated: 2026-04-01 13:33Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release
Severity
Moderate
Notes
Topic: Red Hat JBoss Web Server 6.2.0 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Linux Enterprise 10, and Windows Server.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security fix(es):
* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)
* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)
* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.
6.5 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2026:2741
Workaround
Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
6.5 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2026:2741
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2026:2741
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.2.0 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Linux Enterprise 10, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2741",
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2741.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release",
"tracking": {
"current_release_date": "2026-04-01T13:33:09+00:00",
"generator": {
"date": "2026-04-01T13:33:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:2741",
"initial_release_date": "2026-02-16T18:55:18+00:00",
"revision_history": [
{
"date": "2026-02-16T18:55:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T20:39:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-01T13:33:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2.0",
"product": {
"name": "Red Hat JBoss Web Server 6.2.0",
"product_id": "Red Hat JBoss Web Server 6.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:55:18+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:55:18+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat. \nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:55:18+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
FKIE_CVE-2025-55754
Vulnerability from fkie_nvd - Published: 2025-10-27 18:15 - Updated: 2025-11-14 17:37
Severity ?
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/10/27/5 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8252492F-6708-4904-8F48-E53D31B6CAF7",
"versionEndIncluding": "8.5.100",
"versionStartIncluding": "8.5.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80305B12-76BD-409C-9B76-4FD6E849C049",
"versionEndExcluding": "9.0.109",
"versionStartIncluding": "9.0.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B30CA0D9-834D-4044-B03B-7E6E60A4B0E6",
"versionEndExcluding": "10.0.27",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27F4F718-AE8D-417A-BEE4-780FD77625D2",
"versionEndExcluding": "10.1.45",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A3FE1-BC50-419D-AEFA-097C58A3F243",
"versionEndExcluding": "11.0.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue."
}
],
"id": "CVE-2025-55754",
"lastModified": "2025-11-14T17:37:41.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-27T18:15:42.710",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-150"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
BDU:2025-13927
Vulnerability from fstec - Published: 27.10.2025
VLAI Severity ?
Title
Уязвимость сервера приложений Apache Tomcat, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость сервера приложений Apache Tomcat связана с непринятием мер по нейтрализации специальных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
ООО «Ред Софт», АО «ИВК», Apache Software Foundation
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), АЛЬТ СП 10, Tomcat
Software Version
7.3 (РЕД ОС), - (АЛЬТ СП 10), от 11.0.0-M1 до 11.0.10 включительно (Tomcat), от 10.1.0-M1 до 10.1.44 включительно (Tomcat), от 9.0.0.40 до 9.0.108 включительно (Tomcat)
Possible Mitigations
Использование рекомендаций производителя:
https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Reference
https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-150
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Apache Software Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u043e\u0442 11.0.0-M1 \u0434\u043e 11.0.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Tomcat), \u043e\u0442 10.1.0-M1 \u0434\u043e 10.1.44 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Tomcat), \u043e\u0442 9.0.0.40 \u0434\u043e 9.0.108 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Tomcat)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.11.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-13927",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-55754",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041b\u042c\u0422 \u0421\u041f 10, Tomcat",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Apache Tomcat, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-150)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Apache Tomcat \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-150",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}
NCSC-2025-0395
Vulnerability from csaf_ncscnl - Published: 2025-12-12 09:29 - Updated: 2025-12-12 09:29Summary
Kwetsbaarheden verholpen in SAP Software
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: SAP heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, en SAP BusinessObjects.
Interpretaties: De kwetsbaarheden omvatten onder andere code-injectie, deserialisatie, en onvoldoende invoervalidatie, die kunnen leiden tot ongeautoriseerde toegang, gegevensverlies, en verstoring van de beschikbaarheid van systemen. Aangevallen systemen kunnen ernstige gevolgen ondervinden, zoals het uitvoeren van kwaadaardige code door geauthenticeerde aanvallers, en het risico op gegevenslekken door onvoldoende autorisatiecontroles. De impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen is aanzienlijk, met name voor de SAP producten die kwetsbaar zijn voor Denial-of-Service aanvallen en andere exploitatievormen.
Oplossingen: SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-116: Improper Encoding or Escaping of Output
CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
CWE-306: Missing Authentication for Critical Function
CWE-404: Improper Resource Shutdown or Release
CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-489: Active Debug Code
CWE-502: Deserialization of Untrusted Data
CWE-549: Missing Password Field Masking
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-862: Missing Authorization
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State
SAP Solution Manager has a code injection vulnerability due to inadequate input sanitation, allowing authenticated attackers to execute malicious code and potentially gain full control of the system.
9.9 (Critical)
Apache Tomcat has multiple vulnerabilities related to improper neutralization of ANSI escape sequences and directory traversal, affecting various versions and leading to potential data modification and console manipulation.
9.6 (Critical)
A deserialization vulnerability in SAP jConnect, particularly in the SDK for ASE, allows high privileged users to execute remote code, threatening system confidentiality, integrity, and availability.
9.1 (Critical)
SAP Web Dispatcher and ICM have vulnerabilities that could allow unauthenticated attackers to exploit internal testing interfaces, leading to potential sensitive data exposure and risks to application confidentiality and availability.
8.2 (High)
The SAP NetWeaver remote service for Xcelsius has vulnerabilities allowing arbitrary code execution and denial of service, posing risks to system integrity and availability.
7.9 (High)
Multiple denial of service (DoS) vulnerabilities have been identified in Oracle Application Testing Suite, Apache Commons FileUpload, and SAP Business Objects, affecting various versions and allowing potential exploitation by attackers.
7.5 (High)
SAP Web Dispatcher, Internet Communication Manager, and SAP Content Server have a memory corruption vulnerability that can be exploited by unauthenticated users, impacting availability without affecting confidentiality or integrity.
7.5 (High)
A vulnerability in SAP S/4 HANA Private Cloud allows authenticated attackers with limited authorization to access sensitive data and modify documents, posing a high confidentiality risk but low integrity risk.
7.1 (High)
The SAP Internet Communication Framework has a vulnerability due to missing authentication checks, allowing attackers to exploit authorization tokens, which affects the application's security posture.
6.6 (Medium)
An Information Disclosure vulnerability in Application Server ABAP allows authenticated attackers to access unmasked values in ABAP Lists, posing significant confidentiality risks.
6.5 (Medium)
A Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal allows unauthenticated attackers to inject malicious scripts, compromising user session information with low impact on confidentiality and integrity.
6.1 (Medium)
SAPUI5 and OpenUI5 contain a Denial of Service vulnerability in the markdown-it component, leading to high CPU usage and system unresponsiveness due to an infinite loop.
5.9 (Medium)
A missing authorization check in SAP Enterprise Search for ABAP allows high-privileged attackers to access and export database table contents, significantly compromising data confidentiality.
5.5 (Medium)
SAP BusinessObjects Business Intelligence Platform is susceptible to a Server-Side Request Forgery (SSRF) vulnerability, enabling unauthenticated remote attackers to send crafted requests that may compromise confidentiality and integrity.
5.4 (Medium)
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, en SAP BusinessObjects.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere code-injectie, deserialisatie, en onvoldoende invoervalidatie, die kunnen leiden tot ongeautoriseerde toegang, gegevensverlies, en verstoring van de beschikbaarheid van systemen. Aangevallen systemen kunnen ernstige gevolgen ondervinden, zoals het uitvoeren van kwaadaardige code door geauthenticeerde aanvallers, en het risico op gegevenslekken door onvoldoende autorisatiecontroles. De impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen is aanzienlijk, met name voor de SAP producten die kwetsbaar zijn voor Denial-of-Service aanvallen en andere exploitatievormen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Active Debug Code",
"title": "CWE-489"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Missing Password Field Masking",
"title": "CWE-549"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Internal Asset Exposed to Unsafe Debug Access Level or State",
"title": "CWE-1244"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP Software",
"tracking": {
"current_release_date": "2025-12-12T09:29:08.429888Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0395",
"initial_release_date": "2025-12-12T09:29:08.429888Z",
"revision_history": [
{
"date": "2025-12-12T09:29:08.429888Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Application Server ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "BusinessObjects Business Intelligence Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Enterprise Search for ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "NetWeaver Enterprise Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "NetWeaver Internet Communication Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "S4 HANA Private Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "SAPUI5, OpenUI5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Solution Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Web Dispatcher and Internet Communication Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Web Dispatcher, Internet Communication Manager and Content Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "jConnect"
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-42880",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "SAP Solution Manager has a code injection vulnerability due to inadequate input sanitation, allowing authenticated attackers to execute malicious code and potentially gain full control of the system.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42880 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42880.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42880"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat has multiple vulnerabilities related to improper neutralization of ANSI escape sequences and directory traversal, affecting various versions and leading to potential data modification and console manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55754 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55754.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-42928",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in SAP jConnect, particularly in the SDK for ASE, allows high privileged users to execute remote code, threatening system confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42928 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42928.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42928"
},
{
"cve": "CVE-2025-42878",
"cwe": {
"id": "CWE-1244",
"name": "Internal Asset Exposed to Unsafe Debug Access Level or State"
},
"notes": [
{
"category": "other",
"text": "Internal Asset Exposed to Unsafe Debug Access Level or State",
"title": "CWE-1244"
},
{
"category": "description",
"text": "SAP Web Dispatcher and ICM have vulnerabilities that could allow unauthenticated attackers to exploit internal testing interfaces, leading to potential sensitive data exposure and risks to application confidentiality and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42878 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42878.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42878"
},
{
"cve": "CVE-2025-42874",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"notes": [
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "description",
"text": "The SAP NetWeaver remote service for Xcelsius has vulnerabilities allowing arbitrary code execution and denial of service, posing risks to system integrity and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42874"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial of service (DoS) vulnerabilities have been identified in Oracle Application Testing Suite, Apache Commons FileUpload, and SAP Business Objects, affecting various versions and allowing potential exploitation by attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-42877",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "SAP Web Dispatcher, Internet Communication Manager, and SAP Content Server have a memory corruption vulnerability that can be exploited by unauthenticated users, impacting availability without affecting confidentiality or integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42877 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42877.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42877"
},
{
"cve": "CVE-2025-42876",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"notes": [
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "description",
"text": "A vulnerability in SAP S/4 HANA Private Cloud allows authenticated attackers with limited authorization to access sensitive data and modify documents, posing a high confidentiality risk but low integrity risk.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42876 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42876.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42876"
},
{
"cve": "CVE-2025-42875",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "The SAP Internet Communication Framework has a vulnerability due to missing authentication checks, allowing attackers to exploit authorization tokens, which affects the application\u0027s security posture.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42875 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42875.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42875"
},
{
"cve": "CVE-2025-42904",
"cwe": {
"id": "CWE-549",
"name": "Missing Password Field Masking"
},
"notes": [
{
"category": "other",
"text": "Missing Password Field Masking",
"title": "CWE-549"
},
{
"category": "description",
"text": "An Information Disclosure vulnerability in Application Server ABAP allows authenticated attackers to access unmasked values in ABAP Lists, posing significant confidentiality risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42904.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42904"
},
{
"cve": "CVE-2025-42872",
"cwe": {
"id": "CWE-489",
"name": "Active Debug Code"
},
"notes": [
{
"category": "other",
"text": "Active Debug Code",
"title": "CWE-489"
},
{
"category": "description",
"text": "A Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal allows unauthenticated attackers to inject malicious scripts, compromising user session information with low impact on confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42872 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42872.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42872"
},
{
"cve": "CVE-2025-42873",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"notes": [
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "description",
"text": "SAPUI5 and OpenUI5 contain a Denial of Service vulnerability in the markdown-it component, leading to high CPU usage and system unresponsiveness due to an infinite loop.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42873 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42873.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42873"
},
{
"cve": "CVE-2025-42891",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "A missing authorization check in SAP Enterprise Search for ABAP allows high-privileged attackers to access and export database table contents, significantly compromising data confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42891 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42891"
},
{
"cve": "CVE-2025-42896",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "description",
"text": "SAP BusinessObjects Business Intelligence Platform is susceptible to a Server-Side Request Forgery (SSRF) vulnerability, enabling unauthenticated remote attackers to send crafted requests that may compromise confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42896 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42896"
}
]
}
bit-tomcat-2025-55754
Vulnerability from bitnami_vulndb
Published
2025-11-06 13:00
Modified
2026-03-20 09:47
Summary
Apache Tomcat: console manipulation via escape sequences in log messages
Details
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0 through 11.0.10, from 10.1.0 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "tomcat",
"purl": "pkg:bitnami/tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.109"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.1.45"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.11"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-55754"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
],
"severity": "Critical"
},
"details": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0 through 11.0.10, from 10.1.0 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"id": "BIT-tomcat-2025-55754",
"modified": "2026-03-20T09:47:33.381Z",
"published": "2025-11-06T13:00:33.572Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
}
],
"schema_version": "1.6.2",
"summary": "Apache Tomcat: console manipulation via escape sequences in log messages"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…