TencentOS Server 2: apache-commons-vfs (TSSA-2025:0598)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0598 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment
Summary: YAJSW (Yet Another Java Service Wrapper) uses Apache Commons and Netty to manage services, launch and monitor applications, etc. WebSphere eXtreme Scale Liberty deployments use YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7247893)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by a vulnerability as referenced in the 7247893 advisory. - Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has ...
EUVD-2025-7320
Malicious code in bioql PyPI...
EUVD-2025-7319
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-27553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope'...
Oracle Linux 7 : apache-commons-vfs (ELSA-2025-10548)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10548 advisory. 2.0-11.0.1 - Simplify UriParser (Orabug: 38161936, CVE-2025-27553). Tenable has extracted the preceding description block directly from the Oracle Linux security...
apache-commons-vfs security update
2.0-11.0.1 - Simplify UriParser (Orabug: 38161936, CVE-2025-27553)...
RHSA-2025:10548 Red Hat Security Advisory: apache-commons-vfs security update
Bulletin has no description...
apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...
Moderate: Red Hat Security Advisory: apache-commons-vfs security update
An update for apache-commons-vfs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 7 : apache-commons-vfs (RHSA-2025:10548)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10548 advisory. Commons VFS provides a single API for accessing various different file systems. It presents a uniform view of the files from various different...
Medium: apache-commons-vfs
Issue Overview: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent ...
Medium: apache-commons-vfs
Issue Overview: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent ...
Amazon Linux 2 : apache-commons-vfs (ALAS-2025-2842)
The version of apache-commons-vfs installed on the remote host is prior to 2.0-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2842 advisory. Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a...
Amazon Linux 2 : apache-commons-vfs (ALAS-2025-2819)
The version of apache-commons-vfs installed on the remote host is prior to 2.0-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2819 advisory. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class c...
Important: apache-commons-vfs
Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...
Important: apache-commons-vfs
Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...
Relative Path Traversal
Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...
OESA-2025-1356 apache-commons-vfs security update
Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...