Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-55754 (GCVE-0-2025-55754)
Vulnerability from cvelistv5
Published
2025-10-27 17:29
Modified
2025-12-09 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.10 Version: 10.1.0-M1 ≤ 10.1.44 Version: 9.0.40 ≤ 9.0.108 Version: 8.5.60 ≤ 8.5.100 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T04:55:54.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:16.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.10",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.44",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.108",
"status": "affected",
"version": "9.0.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.60",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Elysee Franchuk of MOBIA Technology Innovations"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:38:25.256Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: console manipulation via escape sequences in log messages",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-55754",
"datePublished": "2025-10-27T17:29:50.756Z",
"dateReserved": "2025-08-15T11:26:40.520Z",
"dateUpdated": "2025-12-09T04:55:54.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55754\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-10-27T18:15:42.710\",\"lastModified\":\"2025-11-14T17:37:41.767\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\\n\\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\\n\\n\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-150\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.60\",\"versionEndIncluding\":\"8.5.100\",\"matchCriteriaId\":\"8252492F-6708-4904-8F48-E53D31B6CAF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.40\",\"versionEndExcluding\":\"9.0.109\",\"matchCriteriaId\":\"80305B12-76BD-409C-9B76-4FD6E849C049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.27\",\"matchCriteriaId\":\"B30CA0D9-834D-4044-B03B-7E6E60A4B0E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.45\",\"matchCriteriaId\":\"27F4F718-AE8D-417A-BEE4-780FD77625D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.11\",\"matchCriteriaId\":\"FC2A3FE1-BC50-419D-AEFA-097C58A3F243\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/10/27/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/10/27/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:13:16.888Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55754\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-28T13:26:12.959373Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-28T13:26:42.148Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: console manipulation via escape sequences in log messages\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Elysee Franchuk of MOBIA Technology Innovations\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.10\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.44\"}, {\"status\": \"affected\", \"version\": \"9.0.40\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.108\"}, {\"status\": \"affected\", \"version\": \"8.5.60\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"unknown\", \"version\": \"3\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\\n\\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\\n\\n\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-150\", \"description\": \"CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:38:25.256Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55754\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-09T04:55:54.574Z\", \"dateReserved\": \"2025-08-15T11:26:40.520Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-10-27T17:29:50.756Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
opensuse-su-2025:15716-1
Vulnerability from csaf_opensuse
Published
2025-11-07 00:00
Modified
2025-11-07 00:00
Summary
tomcat-9.0.111-1.1 on GA media
Notes
Title of the patch
tomcat-9.0.111-1.1 on GA media
Description of the patch
These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15716
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat-9.0.111-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15716",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15716-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat-9.0.111-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15716-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-9.0.111-1.1.aarch64",
"product_id": "tomcat-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-embed-9.0.111-1.1.aarch64",
"product_id": "tomcat-embed-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.aarch64",
"product_id": "tomcat-javadoc-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.aarch64",
"product_id": "tomcat-jsvc-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-lib-9.0.111-1.1.aarch64",
"product_id": "tomcat-lib-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.aarch64",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.aarch64",
"product_id": "tomcat-webapps-9.0.111-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-9.0.111-1.1.ppc64le",
"product_id": "tomcat-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-embed-9.0.111-1.1.ppc64le",
"product_id": "tomcat-embed-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"product_id": "tomcat-javadoc-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"product_id": "tomcat-jsvc-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-lib-9.0.111-1.1.ppc64le",
"product_id": "tomcat-lib-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.ppc64le",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.ppc64le",
"product_id": "tomcat-webapps-9.0.111-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-9.0.111-1.1.s390x",
"product_id": "tomcat-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-embed-9.0.111-1.1.s390x",
"product_id": "tomcat-embed-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.s390x",
"product_id": "tomcat-javadoc-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.s390x",
"product_id": "tomcat-jsvc-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-lib-9.0.111-1.1.s390x",
"product_id": "tomcat-lib-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.s390x",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.s390x",
"product_id": "tomcat-webapps-9.0.111-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-9.0.111-1.1.x86_64",
"product_id": "tomcat-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"product_id": "tomcat-admin-webapps-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"product_id": "tomcat-docs-webapp-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-el-3_0-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-embed-9.0.111-1.1.x86_64",
"product_id": "tomcat-embed-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-javadoc-9.0.111-1.1.x86_64",
"product_id": "tomcat-javadoc-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-jsvc-9.0.111-1.1.x86_64",
"product_id": "tomcat-jsvc-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-lib-9.0.111-1.1.x86_64",
"product_id": "tomcat-lib-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"product_id": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-1.1.x86_64",
"product": {
"name": "tomcat-webapps-9.0.111-1.1.x86_64",
"product_id": "tomcat-webapps-9.0.111-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-admin-webapps-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-docs-webapp-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-embed-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-embed-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-embed-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-embed-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-javadoc-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-jsvc-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-lib-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-lib-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-lib-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-lib-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
},
"product_reference": "tomcat-webapps-9.0.111-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.111-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.111-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
opensuse-su-2025:20106-1
Vulnerability from csaf_opensuse
Published
2025-11-27 15:43
Modified
2025-11-27 15:43
Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames
openSUSE-Leap-16.0-72
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20106-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:43:26Z",
"generator": {
"date": "2025-11-27T15:43:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:20106-1",
"initial_release_date": "2025-11-27T15:43:26Z",
"revision_history": [
{
"date": "2025-11-27T15:43:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
opensuse-su-2025:15717-1
Vulnerability from csaf_opensuse
Published
2025-11-07 00:00
Modified
2025-11-07 00:00
Summary
tomcat10-10.1.48-1.1 on GA media
Notes
Title of the patch
tomcat10-10.1.48-1.1 on GA media
Description of the patch
These are all security issues fixed in the tomcat10-10.1.48-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15717
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat10-10.1.48-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat10-10.1.48-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15717",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15717-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat10-10.1.48-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15717-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-10.1.48-1.1.aarch64",
"product_id": "tomcat10-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.aarch64",
"product_id": "tomcat10-doc-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.aarch64",
"product_id": "tomcat10-embed-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"product_id": "tomcat10-jsvc-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.aarch64",
"product_id": "tomcat10-lib-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.aarch64",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.aarch64",
"product_id": "tomcat10-webapps-10.1.48-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-doc-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-embed-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-jsvc-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-lib-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"product_id": "tomcat10-webapps-10.1.48-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-10.1.48-1.1.s390x",
"product_id": "tomcat10-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.s390x",
"product_id": "tomcat10-doc-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.s390x",
"product_id": "tomcat10-embed-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.s390x",
"product_id": "tomcat10-jsvc-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.s390x",
"product_id": "tomcat10-lib-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.s390x",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.s390x",
"product_id": "tomcat10-webapps-10.1.48-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-10.1.48-1.1.x86_64",
"product_id": "tomcat10-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"product_id": "tomcat10-admin-webapps-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-doc-10.1.48-1.1.x86_64",
"product_id": "tomcat10-doc-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"product_id": "tomcat10-docs-webapp-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-embed-10.1.48-1.1.x86_64",
"product_id": "tomcat10-embed-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"product_id": "tomcat10-jsvc-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-lib-10.1.48-1.1.x86_64",
"product_id": "tomcat10-lib-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-1.1.x86_64",
"product": {
"name": "tomcat10-webapps-10.1.48-1.1.x86_64",
"product_id": "tomcat10-webapps-10.1.48-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-doc-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-embed-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-jsvc-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-lib-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
},
"product_reference": "tomcat10-webapps-10.1.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.48-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
opensuse-su-2025:15718-1
Vulnerability from csaf_opensuse
Published
2025-11-07 00:00
Modified
2025-11-07 00:00
Summary
tomcat11-11.0.13-1.1 on GA media
Notes
Title of the patch
tomcat11-11.0.13-1.1 on GA media
Description of the patch
These are all security issues fixed in the tomcat11-11.0.13-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15718
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat11-11.0.13-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat11-11.0.13-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15718",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15718-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "tomcat11-11.0.13-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-07T00:00:00Z",
"generator": {
"date": "2025-11-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15718-1",
"initial_release_date": "2025-11-07T00:00:00Z",
"revision_history": [
{
"date": "2025-11-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-11.0.13-1.1.aarch64",
"product_id": "tomcat11-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.aarch64",
"product_id": "tomcat11-doc-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.aarch64",
"product_id": "tomcat11-embed-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"product_id": "tomcat11-jsvc-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.aarch64",
"product_id": "tomcat11-lib-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.aarch64",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.aarch64",
"product_id": "tomcat11-webapps-11.0.13-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-doc-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-embed-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-jsvc-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-lib-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"product_id": "tomcat11-webapps-11.0.13-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-11.0.13-1.1.s390x",
"product_id": "tomcat11-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.s390x",
"product_id": "tomcat11-doc-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.s390x",
"product_id": "tomcat11-embed-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.s390x",
"product_id": "tomcat11-jsvc-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.s390x",
"product_id": "tomcat11-lib-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.s390x",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.s390x",
"product_id": "tomcat11-webapps-11.0.13-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-11.0.13-1.1.x86_64",
"product_id": "tomcat11-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"product_id": "tomcat11-admin-webapps-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-doc-11.0.13-1.1.x86_64",
"product_id": "tomcat11-doc-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"product_id": "tomcat11-docs-webapp-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-embed-11.0.13-1.1.x86_64",
"product_id": "tomcat11-embed-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"product_id": "tomcat11-jsvc-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-lib-11.0.13-1.1.x86_64",
"product_id": "tomcat11-lib-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-1.1.x86_64",
"product": {
"name": "tomcat11-webapps-11.0.13-1.1.x86_64",
"product_id": "tomcat11-webapps-11.0.13-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-doc-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-embed-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-jsvc-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-lib-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
},
"product_reference": "tomcat11-webapps-11.0.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-admin-webapps-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-doc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-docs-webapp-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-el-6_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-embed-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsp-4_0-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-jsvc-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-lib-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-servlet-6_1-api-11.0.13-1.1.x86_64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.aarch64",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.s390x",
"openSUSE Tumbleweed:tomcat11-webapps-11.0.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
opensuse-su-2025-20106-1
Vulnerability from csaf_opensuse
Published
2025-11-27 15:43
Modified
2025-11-27 15:43
Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames
openSUSE-Leap-16.0-72
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20106-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:43:26Z",
"generator": {
"date": "2025-11-27T15:43:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025-20106-1",
"initial_release_date": "2025-11-27T15:43:26Z",
"revision_history": [
{
"date": "2025-11-27T15:43:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"openSUSE Leap 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:43:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
suse-su-2025:4103-1
Vulnerability from csaf_suse
Published
2025-11-14 09:56
Modified
2025-11-14 09:56
Summary
Security update for tomcat10
Notes
Title of the patch
Security update for tomcat10
Description of the patch
This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.48
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4103,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4103,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4103,openSUSE-SLE-15.6-2025-4103
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdate to Tomcat 10.1.48\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4103,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4103,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4103,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4103,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4103,openSUSE-SLE-15.6-2025-4103",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4103-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4103-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254103-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4103-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023281.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2025-11-14T09:56:37Z",
"generator": {
"date": "2025-11-14T09:56:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4103-1",
"initial_release_date": "2025-11-14T09:56:37Z",
"revision_history": [
{
"date": "2025-11-14T09:56:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-doc-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-embed-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-lib-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"product_id": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.48-150200.5.54.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.48-150200.5.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-14T09:56:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
suse-su-2025:4086-1
Vulnerability from csaf_suse
Published
2025-11-12 15:02
Modified
2025-11-12 15:02
Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086,openSUSE-SLE-15.6-2025-4086
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4086,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4086,openSUSE-SLE-15.6-2025-4086",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4086-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4086-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254086-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4086-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023270.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-12T15:02:26Z",
"generator": {
"date": "2025-11-12T15:02:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4086-1",
"initial_release_date": "2025-11-12T15:02:26Z",
"revision_history": [
{
"date": "2025-11-12T15:02:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-doc-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-embed-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-lib-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-admin-webapps-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-doc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-docs-webapp-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-el-6_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-embed-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsp-4_0-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-jsvc-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-lib-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-servlet-6_1-api-11.0.13-150600.13.12.1.noarch",
"openSUSE Leap 15.6:tomcat11-webapps-11.0.13-150600.13.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T15:02:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
suse-su-2025:4184-1
Vulnerability from csaf_suse
Published
2025-11-24 07:56
Modified
2025-11-24 07:56
Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4184
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753)\n- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905)\n- CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4184,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4184-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4184-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254184-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4184-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023318.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-11-24T07:56:53Z",
"generator": {
"date": "2025-11-24T07:56:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4184-1",
"initial_release_date": "2025-11-24T07:56:53Z",
"revision_history": [
{
"date": "2025-11-24T07:56:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-9.0.36-3.153.2.noarch",
"product_id": "tomcat-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.153.2.noarch",
"product_id": "tomcat-embed-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.153.2.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch",
"product_id": "tomcat-lib-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.153.2.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch",
"product_id": "tomcat-webapps-9.0.36-3.153.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.153.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.153.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.153.2.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.153.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T07:56:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
suse-su-2025:21152-1
Vulnerability from csaf_suse
Published
2025-11-27 15:47
Modified
2025-11-27 15:47
Summary
Security update for tomcat11
Notes
Title of the patch
Security update for tomcat11
Description of the patch
This update for tomcat11 fixes the following issues:
Update to Tomcat 11.0.13:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).
- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).
Patchnames
SUSE-SLES-16.0-72
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat11 fixes the following issues:\n\nUpdate to Tomcat 11.0.13:\n\n- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).\n- CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).\n- CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-72",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21152-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21152-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521152-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21152-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023508.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat11",
"tracking": {
"current_release_date": "2025-11-27T15:47:37Z",
"generator": {
"date": "2025-11-27T15:47:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21152-1",
"initial_release_date": "2025-11-27T15:47:37Z",
"revision_history": [
{
"date": "2025-11-27T15:47:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-doc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-embed-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-jsvc-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-lib-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"product_id": "tomcat11-webapps-11.0.13-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-doc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-doc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-embed-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-embed-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-jsvc-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-lib-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-lib-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-webapps-11.0.13-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
},
"product_reference": "tomcat11-webapps-11.0.13-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-admin-webapps-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-doc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-docs-webapp-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-embed-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-jsvc-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-lib-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 16.0:tomcat11-webapps-11.0.13-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T15:47:37Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
suse-su-2025:4159-1
Vulnerability from csaf_suse
Published
2025-11-21 14:31
Modified
2025-11-21 14:31
Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues:
Update to Tomcat 9.0.111:
- CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
is enabled (bsc#1252753)
- CVE-2025-55754: Fixed improper neutralization of escape, meta, or control
sequences vulnerability (bsc#1252905)
- CVE-2025-61795: Fixed denial of service due to temporary copies during
the processing of multipart upload (bsc#1252756)
Patchnames
SUSE-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159,SUSE-Storage-7.1-2025-4159,openSUSE-SLE-15.6-2025-4159
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n Update to Tomcat 9.0.111:\n\n - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT\n is enabled (bsc#1252753)\n - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control \n sequences vulnerability (bsc#1252905)\n - CVE-2025-61795: Fixed denial of service due to temporary copies during \n the processing of multipart upload (bsc#1252756)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-4159,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-4159,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4159,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4159,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4159,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4159,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4159,SUSE-Storage-7.1-2025-4159,openSUSE-SLE-15.6-2025-4159",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4159-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4159-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254159-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4159-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023311.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252753",
"url": "https://bugzilla.suse.com/1252753"
},
{
"category": "self",
"summary": "SUSE Bug 1252756",
"url": "https://bugzilla.suse.com/1252756"
},
{
"category": "self",
"summary": "SUSE Bug 1252905",
"url": "https://bugzilla.suse.com/1252905"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-11-21T14:31:51Z",
"generator": {
"date": "2025-11-21T14:31:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4159-1",
"initial_release_date": "2025-11-21T14:31:51Z",
"revision_history": [
{
"date": "2025-11-21T14:31:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-embed-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-embed-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-javadoc-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-jsvc-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-lib-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"product_id": "tomcat-webapps-9.0.111-150200.96.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server LTS 4.3",
"product": {
"name": "SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server-lts:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-embed-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-lib-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.111-150200.96.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.111-150200.96.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-lib-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.111-150200.96.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.111-150200.96.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T14:31:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
}
]
}
wid-sec-w-2025-2420
Vulnerability from csaf_certbund
Published
2025-10-27 23:00
Modified
2025-10-28 23:00
Summary
Apache Tomcat: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2420 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2420.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2420 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-27",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
},
{
"category": "external",
"summary": "Apache Tomcat Security vom 2025-10-27",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"category": "external",
"summary": "PoC CVE-2025-55752 vom 2025-10-28",
"url": "https://github.com/TAM-K592/CVE-2025-55752"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-28T23:00:00.000+00:00",
"generator": {
"date": "2025-10-29T05:38:27.157+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2420",
"initial_release_date": "2025-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2025-55752 aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.47",
"product": {
"name": "Apache Tomcat \u003c10.1.47",
"product_id": "T048171"
}
},
{
"category": "product_version",
"name": "10.1.47",
"product": {
"name": "Apache Tomcat 10.1.47",
"product_id": "T048171-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.47"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.12",
"product": {
"name": "Apache Tomcat \u003c11.0.12",
"product_id": "T048172"
}
},
{
"category": "product_version",
"name": "11.0.12",
"product": {
"name": "Apache Tomcat 11.0.12",
"product_id": "T048172-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.110",
"product": {
"name": "Apache Tomcat \u003c9.0.110",
"product_id": "T048173"
}
},
{
"category": "product_version",
"name": "9.0.110",
"product": {
"name": "Apache Tomcat 9.0.110",
"product_id": "T048173-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.110"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55752",
"product_status": {
"known_affected": [
"T048171",
"T048173",
"T048172"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"product_status": {
"known_affected": [
"T048171",
"T048173",
"T048172"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"product_status": {
"known_affected": [
"T048171",
"T048173",
"T048172"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-61795"
}
]
}
fkie_cve-2025-55754
Vulnerability from fkie_nvd
Published
2025-10-27 18:15
Modified
2025-11-14 17:37
Severity ?
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/10/27/5 | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8252492F-6708-4904-8F48-E53D31B6CAF7",
"versionEndIncluding": "8.5.100",
"versionStartIncluding": "8.5.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80305B12-76BD-409C-9B76-4FD6E849C049",
"versionEndExcluding": "9.0.109",
"versionStartIncluding": "9.0.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B30CA0D9-834D-4044-B03B-7E6E60A4B0E6",
"versionEndExcluding": "10.0.27",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27F4F718-AE8D-417A-BEE4-780FD77625D2",
"versionEndExcluding": "10.1.45",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A3FE1-BC50-419D-AEFA-097C58A3F243",
"versionEndExcluding": "11.0.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue."
}
],
"id": "CVE-2025-55754",
"lastModified": "2025-11-14T17:37:41.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-27T18:15:42.710",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-150"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
CERTFR-2025-AVI-0967
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | File Integrity Monitoring pour VMware Tanzu Platform versions antérieures à 2.1.49 | ||
| VMware | Tanzu Platform | Cloud Service Broker pour Azure pour VMware Tanzu Platform versions antérieures à 1.13.1 | ||
| VMware | Tanzu Platform | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Platform | Scheduler pour VMware Tanzu Platform versions antérieures à 2.0.21 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.4 | ||
| VMware | Tanzu Platform | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Platform | .NET Core Buildpack versions antérieures à 2.4.64 | ||
| VMware | Tanzu Platform | VMware Tanzu Data Flow sur Tanzu Platform versions antérieures à 2.0.0 | ||
| VMware | Tanzu Platform | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.4 | ||
| VMware | Tanzu Platform | CredHub Secrets Management pour VMware Tanzu Platform versions antérieures à 1.6.7 | ||
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.8 | ||
| VMware | Tanzu Platform | Go Buildpack versions antérieures à 1.10.57 | ||
| VMware | Tanzu Platform | VMware Tanzu RabbitMQ sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Platform | NodeJS Buildpack versions antérieures à 1.8.61 | ||
| VMware | Tanzu Platform | Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.0 | ||
| VMware | Tanzu Platform | Application Services pour VMware Tanzu Platform versions antérieures à 3.3.11 | ||
| VMware | Tanzu Platform | IPsec Encryption pour VMware Tanzu Platform versions antérieures à 1.9.68 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "File Integrity Monitoring pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.1.49",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Service Broker pour Azure pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.13.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.21",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.64",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Data Flow sur Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.7",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.57",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu RabbitMQ sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.61",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Application Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.3.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "IPsec Encryption pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.9.68",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-7409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7409"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2024-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6505"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-3447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3447"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58446"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3446"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-4467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2024-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8244"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2023-39333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39333"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0967",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36323",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36323"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36343",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36343"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36326"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36305",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36305"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36345",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36345"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36329"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36316"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36331"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36334",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36334"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36335",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36335"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36340",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36340"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36319",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36319"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36339",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36339"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36322",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36322"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36321",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36321"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36324"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36336",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36336"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36318",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36318"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36337",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36337"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36346",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36346"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-81",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36315"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36317",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36317"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36344",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36344"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36341",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36341"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36314",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36314"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36330"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36332",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36332"
},
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36304",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36304"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36342",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36342"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36333",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36333"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-99",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36327"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36338",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36338"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36328"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36325"
}
]
}
CERTFR-2025-AVI-1079
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAPUI5 framework | SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de sécurité | ||
| SAP | BusinessObjects | Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
| SAP | Web Dispatcher, Internet Communication Manager et Content Server | Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité | ||
| SAP | jConnect | jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité | ||
| SAP | Enterprise Search pour ABAP | Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | Web Dispatcher et Internet Communication Manager (ICM) | Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA | S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | Business Objects Business Intelligence Platform | Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | Solution Manager | Solution Manager version ST 720 sans le dernier correctif de sécurité | ||
| SAP | Application Server ABAP | Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAPUI5 framework",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "BusinessObjects",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Web Dispatcher, Internet Communication Manager et Content Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "jConnect",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Enterprise Search pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Web Dispatcher et Internet Communication Manager (ICM)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Solution Manager version ST 720 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Solution Manager",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Application Server ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42875"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-42904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42904"
},
{
"name": "CVE-2025-42891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42891"
},
{
"name": "CVE-2025-42877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42877"
},
{
"name": "CVE-2025-42880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42880"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-42874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42874"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-42873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42873"
},
{
"name": "CVE-2025-42878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42878"
},
{
"name": "CVE-2025-42876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42876"
},
{
"name": "CVE-2025-42872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42872"
},
{
"name": "CVE-2025-42928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42928"
},
{
"name": "CVE-2025-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42896"
}
],
"initial_release_date": "2025-12-09T00:00:00",
"last_revision_date": "2025-12-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1079",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP december-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html"
}
]
}
CERTFR-2025-AVI-0933
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.12",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.47",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.110",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.12",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.110",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.47",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
}
]
}
CERTFR-2025-AVI-0969
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.90.x | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.58 | ||
| VMware | Tanzu Kubernetes Runtime | Python Buildpack versions antérieures à 1.8.63 | ||
| VMware | Tanzu Kubernetes Runtime | VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Kubernetes Runtime | API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | Tanzu Kubernetes Runtime | PHP Buildpack versions antérieures à 4.6.49 | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x | ||
| VMware | Tanzu Application Service | CredHub Service Broker versions antérieures à 1.6.6 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.77.x | ||
| VMware | Services Suite | Platform Automation Toolkit versions antérieures à 5.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9 | ||
| VMware | Tanzu Kubernetes Runtime | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9 | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Ruby Buildpack versions antérieures à 1.10.46 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.103.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GenAI sur Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.90.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.58",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.63",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour MySQL sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "API Gateway pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.49",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.14",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Service Broker versions ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.13",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.77.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.3.2",
"product": {
"name": "Services Suite",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow pour VMware Tanzu versions ant\u00e9rieures \u00e0 1.14.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services pour VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.10",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Concourse pour VMware Tanzu versions ant\u00e9rieures \u00e0 7.14.1+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Ruby Buildpack versions ant\u00e9rieures \u00e0 1.10.46",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.103.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2022-25308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25308"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-27102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27102"
},
{
"name": "CVE-2022-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2017-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6834"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3428"
},
{
"name": "CVE-2021-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3933"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
},
{
"name": "CVE-2021-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23215"
},
{
"name": "CVE-2022-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1115"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21798"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2023-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3195"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2021-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20243"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2014-9157",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9157"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2021-26260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26260"
},
{
"name": "CVE-2023-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0922"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2017-18250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18250"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-40002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40002"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2020-27769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27769"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2014-9748",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9748"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2022-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1623"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-38829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38829"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2017-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6831"
},
{
"name": "CVE-2024-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58034"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2023-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38471"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2020-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27776"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21743"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2023-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34475"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12380"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2022-2929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2929"
},
{
"name": "CVE-2018-15120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15120"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4287"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3605"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2017-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10928"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2017-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12429"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2023-2157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2157"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-58082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58082"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2023-24757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31683"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2017-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6832"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2024-45720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45720"
},
{
"name": "CVE-2022-1056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1056"
},
{
"name": "CVE-2018-10805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10805"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2020-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15095"
},
{
"name": "CVE-2018-16328",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16328"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5745"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2022-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2022-32546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32546"
},
{
"name": "CVE-2025-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0838"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2025-55553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55553"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2021-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4219"
},
{
"name": "CVE-2018-15798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15798"
},
{
"name": "CVE-2025-55154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55154"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2017-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11447"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2023-39593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39593"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-46569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46569"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2018-14434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14434"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2021-3468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3468"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-58061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58061"
},
{
"name": "CVE-2025-46148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46148"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2149"
},
{
"name": "CVE-2021-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3502"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2018-16329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16329"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58056"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2024-43790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43790"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2025-21727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21727"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2021-20312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20312"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2023-52593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52593"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2023-26785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26785"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3000"
},
{
"name": "CVE-2022-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3213"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2025-38500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38500"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8961"
},
{
"name": "CVE-2025-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21977"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-38203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38203"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2022-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0909"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2023-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38633"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2021-46312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46312"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2019-6461",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6461"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2022-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2023-45922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45922"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2025-40004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40004"
},
{
"name": "CVE-2017-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7619"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-24070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2019-17547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17547"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2021-36411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2018-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10919"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-53014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53014"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2018-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10804"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2022-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0907"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3670"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2020-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25663"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58057"
},
{
"name": "CVE-2025-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0306"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2023-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1355"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37967"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2025-55560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55560"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-59842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59842"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-27766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27766"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2024-58078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58078"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2023-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34153"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2020-14153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14153"
},
{
"name": "CVE-2022-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1114"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2011-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2207"
},
{
"name": "CVE-2025-54874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21830"
},
{
"name": "CVE-2018-12600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12600"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-9340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9340"
},
{
"name": "CVE-2023-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2016-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7531"
},
{
"name": "CVE-2006-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3082"
},
{
"name": "CVE-2023-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5341"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3262"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2016-10062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10062"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2023-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34152"
},
{
"name": "CVE-2022-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2022-43242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2019-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14844"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21982"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21828"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2022-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0865"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2016-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7514"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2025-9092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9092"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2021-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3598"
},
{
"name": "CVE-2025-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21880"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-55197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55197"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55558"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21809"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2021-32490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32490"
},
{
"name": "CVE-2020-27768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27768"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2016-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5118"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-46045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46045"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-55557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55557"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2999"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2021-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2020-10251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10251"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2020-18781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18781"
},
{
"name": "CVE-2025-7709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7709"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-9640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2017-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6829"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21911"
},
{
"name": "CVE-2023-24752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2018-9133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9133"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2021-36410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2024-58003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58003"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21741"
},
{
"name": "CVE-2020-18032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18032"
},
{
"name": "CVE-2017-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6833"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-58076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58076"
},
{
"name": "CVE-2023-24751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21720"
},
{
"name": "CVE-2025-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"
},
{
"name": "CVE-2015-7747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7747"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2025-55004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55004"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2023-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21711"
},
{
"name": "CVE-2025-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2998"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2021-20313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20313"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2023-45913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45913"
},
{
"name": "CVE-2018-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13153"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2023-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34474"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38227"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2021-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45931"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2021-28544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2025-32728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32728"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2021-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44964"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2018-14437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14437"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2021-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3596"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2024-57883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2017-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6830"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-21748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21748"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2021-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46310"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2020-14152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14152"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9390"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2019-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9904"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1981"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-2231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2231"
},
{
"name": "CVE-2025-46150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46150"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2023-28120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2020-35492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35492"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2023-1289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1289"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-9341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9341"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2018-16412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16412"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2019-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6462"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2021-32493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32493"
},
{
"name": "CVE-2023-24754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
},
{
"name": "CVE-2020-29509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29509"
},
{
"name": "CVE-2023-5568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5568"
},
{
"name": "CVE-2023-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38470"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2025-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38237"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2024-57990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57990"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-49582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-32491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32491"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0924"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2022-33068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33068"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38206"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2016-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20012"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2019-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3792"
},
{
"name": "CVE-2022-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40017"
},
{
"name": "CVE-2023-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45919"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2018-15607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15607"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3001"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-32545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32545"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-21820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21820"
},
{
"name": "CVE-2017-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6838"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-41817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41817"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6835"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2024-57997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57997"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-31782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31782"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2022-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2025-53019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53019"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53367"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2021-45942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45942"
},
{
"name": "CVE-2022-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2021-20246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20246"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2023-24755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-21804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21804"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2017-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6837"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-22011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22011"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
},
{
"name": "CVE-2023-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0614"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2020-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21606"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38617"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2148"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2023-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38469"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2016-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5841"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53101"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2022-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44267"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2019-8321",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8321"
},
{
"name": "CVE-2025-21826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21826"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2025-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46393"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2021-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0561"
},
{
"name": "CVE-2018-12599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12599"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2022-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1587"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0284"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2024-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58016"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21903"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1667"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2022-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
},
{
"name": "CVE-2025-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3121"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-46149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46149"
},
{
"name": "CVE-2021-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26945"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-46152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46152"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28463"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2018-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3779"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1355"
},
{
"name": "CVE-2025-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47291"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21810"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2021-24031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24031"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-46153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46153"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"name": "CVE-2021-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38115"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2021-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20309"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38472"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2017-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12643"
},
{
"name": "CVE-2024-57953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57953"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2021-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26720"
},
{
"name": "CVE-2025-54801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54801"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2023-24756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2016-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4074"
},
{
"name": "CVE-2024-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0746"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2022-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33099"
},
{
"name": "CVE-2023-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45931"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26775"
},
{
"name": "CVE-2022-25309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25309"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-55212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55212"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2022-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32547"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2018-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11655"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2928"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-57803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57803"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2020-29511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29511"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21742"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2017-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16231"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2017-9409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9409"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2024-43168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-46901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46901"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-43167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2021-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40211"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2020-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0499"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3136"
},
{
"name": "CVE-2025-55160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55160"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2022-48703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30699"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2023-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2426"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2021-20176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20176"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-55298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55298"
},
{
"name": "CVE-2022-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-43965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43965"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2021-36408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"name": "CVE-2017-18253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18253"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2021-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3610"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2022-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38473"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-52099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52099"
},
{
"name": "CVE-2023-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43887"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2022-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2598"
},
{
"name": "CVE-2020-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27829"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2017-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6839"
},
{
"name": "CVE-2023-1906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1906"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-47471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47471"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2022-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1771"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2021-32492",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32492"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-55005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55005"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-40015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40015"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2025-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21829"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2018-16645",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16645"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-40007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40007"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-38273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38273"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2022-2719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2719"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2023-34151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34151"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2021-43809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43809"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2015-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1606"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2023-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3896"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2020-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21599"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39978"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2021-20311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20311"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2021-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20241"
},
{
"name": "CVE-2017-12674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12674"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-62171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62171"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2025-50950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50950"
},
{
"name": "CVE-2020-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21605"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2017-1000476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000476"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2015-8863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8863"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2018-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11656"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2018-19876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19876"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-20310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20310"
},
{
"name": "CVE-2021-20245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20245"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2023-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2025-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38204"
},
{
"name": "CVE-2021-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40812"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2018-9135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9135"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2021-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2017-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12433"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2021-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3574"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-58006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58006"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21815"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2017-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6836"
},
{
"name": "CVE-2021-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3500"
},
{
"name": "CVE-2022-25310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25310"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2025-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57807"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2024-58080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58080"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31498"
},
{
"name": "CVE-2022-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30698"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2021-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20244"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-11411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3941"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0969",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36320",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36320"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36423",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36423"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36364"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36351"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36424",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36424"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36412",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36412"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36388",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36388"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36426",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36426"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36411",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36411"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36357",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36357"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36408",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36408"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36349",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36349"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36414",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36414"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36397",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36397"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36389",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36389"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36398",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36398"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36380",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36380"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36407"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36362",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36362"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36413",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36413"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36384",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36384"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36379",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36379"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36400",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36400"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36377",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36377"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36368",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36368"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36418",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36418"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36420",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36420"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36391",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36391"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36392",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36392"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36353",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36353"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-14",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36356"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36422",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36422"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36381",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36381"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36421",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36421"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36416",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36416"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-86",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36415"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36403",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36403"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36347",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36347"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36383",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36383"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36410",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36410"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36352",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36352"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36394",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36394"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36354",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36354"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36399",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36399"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36350"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36419",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36419"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-85",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36401"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36365"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36405"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36367"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36395",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36395"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36387",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36387"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36363",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36363"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36385",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36385"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36409",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36409"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36359"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36348",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36348"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36386",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36386"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36417",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36417"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36425",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36425"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36366"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36360"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36355",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36355"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36358"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36396",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36396"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36378",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36378"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36382",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36382"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36404"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36361"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36402",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36402"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36393",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36393"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36406",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36406"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36390"
}
]
}
ncsc-2025-0395
Vulnerability from csaf_ncscnl
Published
2025-12-12 09:29
Modified
2025-12-12 09:29
Summary
Kwetsbaarheden verholpen in SAP Software
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, en SAP BusinessObjects.
Interpretaties
De kwetsbaarheden omvatten onder andere code-injectie, deserialisatie, en onvoldoende invoervalidatie, die kunnen leiden tot ongeautoriseerde toegang, gegevensverlies, en verstoring van de beschikbaarheid van systemen. Aangevallen systemen kunnen ernstige gevolgen ondervinden, zoals het uitvoeren van kwaadaardige code door geauthenticeerde aanvallers, en het risico op gegevenslekken door onvoldoende autorisatiecontroles. De impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen is aanzienlijk, met name voor de SAP producten die kwetsbaar zijn voor Denial-of-Service aanvallen en andere exploitatievormen.
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-116
Improper Encoding or Escaping of Output
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CWE-306
Missing Authentication for Critical Function
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-489
Active Debug Code
CWE-502
Deserialization of Untrusted Data
CWE-549
Missing Password Field Masking
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-862
Missing Authorization
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, en SAP BusinessObjects.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere code-injectie, deserialisatie, en onvoldoende invoervalidatie, die kunnen leiden tot ongeautoriseerde toegang, gegevensverlies, en verstoring van de beschikbaarheid van systemen. Aangevallen systemen kunnen ernstige gevolgen ondervinden, zoals het uitvoeren van kwaadaardige code door geauthenticeerde aanvallers, en het risico op gegevenslekken door onvoldoende autorisatiecontroles. De impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen is aanzienlijk, met name voor de SAP producten die kwetsbaar zijn voor Denial-of-Service aanvallen en andere exploitatievormen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Active Debug Code",
"title": "CWE-489"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Missing Password Field Masking",
"title": "CWE-549"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Internal Asset Exposed to Unsafe Debug Access Level or State",
"title": "CWE-1244"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP Software",
"tracking": {
"current_release_date": "2025-12-12T09:29:08.429888Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0395",
"initial_release_date": "2025-12-12T09:29:08.429888Z",
"revision_history": [
{
"date": "2025-12-12T09:29:08.429888Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Application Server ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "BusinessObjects Business Intelligence Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Enterprise Search for ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "NetWeaver Enterprise Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "NetWeaver Internet Communication Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "S4 HANA Private Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "SAPUI5, OpenUI5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Solution Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Web Dispatcher and Internet Communication Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Web Dispatcher, Internet Communication Manager and Content Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "jConnect"
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-42880",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "SAP Solution Manager has a code injection vulnerability due to inadequate input sanitation, allowing authenticated attackers to execute malicious code and potentially gain full control of the system.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42880 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42880.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42880"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat has multiple vulnerabilities related to improper neutralization of ANSI escape sequences and directory traversal, affecting various versions and leading to potential data modification and console manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55754 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55754.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-42928",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in SAP jConnect, particularly in the SDK for ASE, allows high privileged users to execute remote code, threatening system confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42928 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42928.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42928"
},
{
"cve": "CVE-2025-42878",
"cwe": {
"id": "CWE-1244",
"name": "Internal Asset Exposed to Unsafe Debug Access Level or State"
},
"notes": [
{
"category": "other",
"text": "Internal Asset Exposed to Unsafe Debug Access Level or State",
"title": "CWE-1244"
},
{
"category": "description",
"text": "SAP Web Dispatcher and ICM have vulnerabilities that could allow unauthenticated attackers to exploit internal testing interfaces, leading to potential sensitive data exposure and risks to application confidentiality and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42878 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42878.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42878"
},
{
"cve": "CVE-2025-42874",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"notes": [
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "description",
"text": "The SAP NetWeaver remote service for Xcelsius has vulnerabilities allowing arbitrary code execution and denial of service, posing risks to system integrity and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42874"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial of service (DoS) vulnerabilities have been identified in Oracle Application Testing Suite, Apache Commons FileUpload, and SAP Business Objects, affecting various versions and allowing potential exploitation by attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-42877",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "SAP Web Dispatcher, Internet Communication Manager, and SAP Content Server have a memory corruption vulnerability that can be exploited by unauthenticated users, impacting availability without affecting confidentiality or integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42877 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42877.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42877"
},
{
"cve": "CVE-2025-42876",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"notes": [
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "description",
"text": "A vulnerability in SAP S/4 HANA Private Cloud allows authenticated attackers with limited authorization to access sensitive data and modify documents, posing a high confidentiality risk but low integrity risk.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42876 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42876.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42876"
},
{
"cve": "CVE-2025-42875",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "The SAP Internet Communication Framework has a vulnerability due to missing authentication checks, allowing attackers to exploit authorization tokens, which affects the application\u0027s security posture.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42875 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42875.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42875"
},
{
"cve": "CVE-2025-42904",
"cwe": {
"id": "CWE-549",
"name": "Missing Password Field Masking"
},
"notes": [
{
"category": "other",
"text": "Missing Password Field Masking",
"title": "CWE-549"
},
{
"category": "description",
"text": "An Information Disclosure vulnerability in Application Server ABAP allows authenticated attackers to access unmasked values in ABAP Lists, posing significant confidentiality risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42904.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42904"
},
{
"cve": "CVE-2025-42872",
"cwe": {
"id": "CWE-489",
"name": "Active Debug Code"
},
"notes": [
{
"category": "other",
"text": "Active Debug Code",
"title": "CWE-489"
},
{
"category": "description",
"text": "A Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal allows unauthenticated attackers to inject malicious scripts, compromising user session information with low impact on confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42872 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42872.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42872"
},
{
"cve": "CVE-2025-42873",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"notes": [
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "description",
"text": "SAPUI5 and OpenUI5 contain a Denial of Service vulnerability in the markdown-it component, leading to high CPU usage and system unresponsiveness due to an infinite loop.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42873 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42873.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42873"
},
{
"cve": "CVE-2025-42891",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "A missing authorization check in SAP Enterprise Search for ABAP allows high-privileged attackers to access and export database table contents, significantly compromising data confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42891 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42891"
},
{
"cve": "CVE-2025-42896",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "description",
"text": "SAP BusinessObjects Business Intelligence Platform is susceptible to a Server-Side Request Forgery (SSRF) vulnerability, enabling unauthenticated remote attackers to send crafted requests that may compromise confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42896 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42896"
}
]
}
ghsa-vfww-5hm6-hx2j
Vulnerability from github
Published
2025-10-27 18:31
Modified
2025-11-05 20:50
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
Summary
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Details
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.45"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.109"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.45"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.109"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.45"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.40"
},
{
"fixed": "9.0.109"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.60"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55754"
],
"database_specific": {
"cwe_ids": [
"CWE-150"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-28T17:57:42Z",
"nvd_published_at": "2025-10-27T18:15:42Z",
"severity": "LOW"
},
"details": "Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"id": "GHSA-vfww-5hm6-hx2j",
"modified": "2025-11-05T20:50:27Z",
"published": "2025-10-27T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…