19 matches found
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.118: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...
tomcat11-11.0.22-1.1 on GA media (moderate)
tomcat11-11.0.22-1.1 on GA media Announcement ID: openSUSE-SU-2026:10927-1 Rating: moderate Cross-References: CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 CVSS scores: CVE-2026-41284 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:...
tomcat10-10.1.55-1.1 on GA media (moderate)
tomcat10-10.1.55-1.1 on GA media Announcement ID: openSUSE-SU-2026:10926-1 Rating: moderate Cross-References: CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 CVSS scores: CVE-2026-41284 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:...
ROOT-APP-MAVEN-CVE-2026-41293 CVE-2026-41293 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-41293 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
CVE-2026-41293 vulnerabilities
Vulnerabilities for packages: ontop, ontop-fips, thingsboard, camunda-zeebe, camunda, nacos, kayenta, kayenta-fips, nacos-docker...
Linux Distros Unpatched Vulnerability : CVE-2026-41293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...
geronimo:geronimo-tomcat (>=1.0 <=1.1.1), geronimo:geronimo-tomcat-builder (>=1.0 <=1.1.1) +17 more potentially affected by CVE-2026-41293 via tomcat:tomcat-coyote (>=5.5.15 <=5.5.9)
tomcat:tomcat-coyote MAVEN version =5.5.15, =1.0, =1.0, =1.1.1 - geronimo:tomcat =1.0 - org.apache.geronimo.assemblies:geronimo-tomcat-minimal =1.2-beta - org.apache.geronimo.configs:ca-helper-tomcat =1.2-beta - org.apache.geronimo.configs:dojo-tomcat =1.2-beta -...
br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0), com.butor:butor-mule (>=1.0.3 <=1.0.18) +167 more potentially affected by CVE-2026-41293 via org.apache.tomcat:coyote (>=6.0.13 <=6.0.53)
org.apache.tomcat:coyote MAVEN version =6.0.13, =1.0.1, =1.0.3, =1.5, =1.8.2, =1.40, =1.40, =1.40, =2.3.0, =2.3.0, =1.0.b1, =20250815, =20260429 and more Source cves: CVE-2026-41293 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-16691219...
CVE-2026-41293
creationtimestamp| type| source
---|---|---
2026-05-12 17:15:01+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mloc2ajsvu2j...
CVE-2026-41293
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...
UBUNTU-CVE-2026-41293
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...
CVE-2023-41293
creationtimestamp| type| source
---|---|---
2023-09-25 16:39:16+00:00| seen| https://t.me/cibsecurity/70985...
CVE-2023-41293
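A vulnerability in the data security classification layer has been reported in the Huawei HarmonyOS DDMP module. CVE-2023-41293 can be exploited remotely because of missing access control in the DDMP module, and the confirmed impact is a loss of confidentiality. According to the NVD metrics, the attack vector for this vulnerability is network, the attack complexity is low, no privileges are required, and no user interaction is required. A high impact on confidentiality is confirmed, but the documentation provides no specific exploit code or real-world attack information. A patched version or specific fix is explicitly...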
CVE-2023-41293
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2022-41293
Summary: IBM Robotic Process Automation (RPA) is vulnerable to insufficient protection of credentials created in the control center (CVE-2022-41293). The vulnerability affects IBM RPA for Cloud Pak (< 21.0.3), IBM RPA as a Service (< 21.0.3), and IBM RPA (
CVE-2021-41293
creationtimestamp| type| source
---|---|---
2021-09-30 14:37:58+00:00| seen| https://t.me/cibsecurity/29708
2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41293.yaml
2025-01-26 00:00:00+00:00| seen| The Shadowserver...
CVE-2021-41293
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information...
CVE-2021-41293
The ECOA Building Automation System (BAS) controller is affected by a path traversal/arbitrary file disclosure vulnerability. Affected component/file: viewlog.jsp; attack vector is via the POST parameter fname, allowing an unauthenticated attacker to disclose arbitrary files and sensitive system ...