21006 matches found

Tenable Nessus
added 2025/11/22 12:0 a.m. | 6 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2025:4159-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4159-1 advisory. Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled...

9.6 CVSS | 7 AI score | 0.66535 EPSS
Exploits 4 | References 10

SUSE Linux
added 2025/11/21 2:32 p.m. | 13 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905...

7.7 CVSS | 6.8 AI score | 0.66535 EPSS
Exploits 4 | References 12

OSV
added 2025/11/21 2:31 p.m. | 8 views

SUSE-SU-2025:4159-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905 -...

9.6 CVSS | 9.5 AI score | 0.66535 EPSS
Exploits 4 | References 7

RedhatCVE
added 2025/11/21 12:31 p.m. | 4 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

5.3 CVSS | 6.9 AI score | 0.00292 EPSS
Exploits 0 | References 1

Talos Blog
added 2025/11/20 7:0 p.m. | 6 views

It’s not personal, it’s just business

Welcome to this week's edition of the Threat Source newsletter. This week, we explore how advances in agentic AI are rapidly transforming the cyber crime business. Agentic AI programming gives AI agents autonomy, allowing them to interact with external systems to collect information, make decisio...

7.1 AI score
Exploits 0

IBM Security Bulletins
added 2025/11/20 4:20 p.m. | 22 views

Security Bulletin: Multiple Vulnerabilities in Netcool Operations Insights.

Summary Multiple vulnerabilities were addressed in Netcool Operations Insight version 1.6.15. Vulnerability Details CVEID:CVE-2025-27533 DESCRIPTION: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers w...

8.1 CVSS | 9.1 AI score | 0.89472 EPSS
Exploits 13 | Affected Software 1

NVD
added 2025/11/20 4:15 p.m. | 4 views

CVE-2025-34320

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...

9.3 CVSS | 0.00705 EPSS
Exploits 0 | References 2

EUVD
added 2025/11/20 3:31 p.m. | 3 views

EUVD-2025-198301

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...

9.3 CVSS | 6.9 AI score | 0.00705 EPSS
Exploits 0 | References 3

Cvelist
added 2025/11/20 3:31 p.m. | 10 views

CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...

9.3 CVSS | 0.00705 EPSS
Exploits 0 | References 2

CVE
added 2025/11/20 3:31 p.m. | 35 views

CVE-2025-34320

CVE-2025-34320 affects BASIS BBj versions prior to 25.00 where a Jetty-served web endpoint fails to properly validate or canonicalize input path segments, enabling unauthenticated directory traversal. This can allow reading arbitrary system files accessible to the service account and, from retrie...

9.3 CVSS | 7 AI score | 0.00705 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/11/20 3:31 p.m. | 3 views

CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...

9.3 CVSS | 7 AI score | 0.00705 EPSS
Exploits 0 | References 2

EUVD
added 2025/11/20 3:30 p.m. | 7 views

EUVD-2025-198276

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

5.3 CVSS | 6.4 AI score | 0.00292 EPSS
Exploits 0 | References 2

NVD
added 2025/11/20 3:17 p.m. | 2 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

5.3 CVSS | 0.00292 EPSS
Exploits 0 | References 1

OSV
added 2025/11/20 3:17 p.m. | 6 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

5.3 CVSS | 5.7 AI score | 0.00292 EPSS
Exploits 0 | References 1

Cvelist
added 2025/11/20 12:19 p.m. | 8 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

0.00292 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/11/20 12:19 p.m. | 2 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

6.5 AI score | 0.00292 EPSS
Exploits 0 | References 1

CVE
added 2025/11/20 12:19 p.m. | 15 views

CVE-2025-40605

CVE-2025-40605 affects SonicWall Email Security appliances and is a path traversal vulnerability that lets an attacker manipulate file system paths by inserting directory-traversal sequences (e.g., ../) to access files outside restricted paths. The advisory set confirms related fixes in SonicWall...

5.3 CVSS | 6.6 AI score | 0.00292 EPSS
Exploits 0 | References 1 | Affected Software 1

IBM Security Bulletins
added 2025/11/20 6:10 a.m. | 16 views

Security Bulletin: Vulnerabilities in Apache Tomcat Server (CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-49125, CVE-2025-48988, CVE-2025-46701, CVE-2025-31651, CVE-2025-31650) affect Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomca...

9.8 CVSS | 8 AI score | 0.66365 EPSS
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2025/11/20 6:9 a.m. | 11 views

Security Bulletin: Vulnerabilities in httpd library (CVE-2024-47252, CVE-2025-23048, CVE-2025-49630) affect Power HMC.

Summary The httpd library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47252 DESCRIPTION: Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS...

9.1 CVSS | 7.5 AI score | 0.01149 EPSS
Exploits 1 | Affected Software 1

Snyk
added 2025/11/20 2:41 a.m. | 5 views

Directory Traversal

Overview cn.dreampie:resty-httpclient is a Resty java httpClient Affected versions of this package are vulnerable to Directory Traversal via the Request function. An attacker can access or modify files outside the intended directory by supplying crafted input to the filename argument. Details A...

8.1 CVSS | 7.5 AI score | 0.00644 EPSS
Exploits 1 | References 2