61165 matches found

IBM Security Bulletins
added 2025/11/18 3:30 p.m. | 12 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat (CVE-2025-55752, CVE-2025-55754 & CVE-2025-61795)

Summary: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat.
Vulnerability Details:
CVEID: CVE-2025-55752
DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized...

CVSS 9.6 | AI score 8 | EPSS 0.73974
Exploits 4 | Affected Software 1

Veracode
added 2025/11/18 10:53 a.m. | 6 views

Improper Verification Of Cryptographic Signature

Apache Spark is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the use of an unauthenticated default encryption cipher AES/CTR/NoPadding for RPC communication when spark.network.crypto.enabled is true and no cipher is explicitly configured, which allow...

CVSS 6.5 | AI score 7 | EPSS 0.00225
Exploits 0 | References 6 | Affected Software 2

Veracode
added 2025/11/18 4:56 a.m. | 4 views

SQL Injection

Apache Flink CDC is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied identifiers, such as crafted database or table names, which allows an attacker to inject malicious SQL and manipulate queries within the application...

CVSS 8.8 | AI score 7.2 | EPSS 0.00415
Exploits 0 | References 5 | Affected Software 5

CNVD
added 2025/11/18 12:0 a.m. | 4 views

Apache OpenOffice External File Loading Vulnerability

Apache OpenOffice is an open source office software suite from the American Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...

CVSS 7.5 | AI score 7 | EPSS 0.01279
Exploits 0 | References 1

CNVD
added 2025/11/18 12:0 a.m. | 5 views

Apache OpenOffice Out-of-Bounds Write Vulnerability

Apache OpenOffice is an open source office software suite from the American Apache Foundation. Apache OpenOffice suffers from an out-of-bounds write vulnerability that originates from out-of-bounds writes to memory buffers, which can be exploited by a remote attacker to crash the program...

CVSS 4.3 | AI score 6.9 | EPSS 0.00432
Exploits 0 | References 1

Tenable Nessus
added 2025/11/18 12:0 a.m. | 8 views

Oracle Application Testing Suite (October 2025 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache...

CVSS 7.5 | AI score 7.2 | EPSS 0.63258
Exploits 1 | References 3

Veracode
added 2025/11/17 4:43 p.m. | 13 views

Improper Resource Shutdown Or Release

Apache Tomcat is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper cleanup of temporary files created during multipart upload processing, which allows an attacker to trigger excessive accumulation of leftover temporary data, potentially exhausting disk spac...

CVSS 5.3 | AI score 7.1 | EPSS 0.01005
Exploits 0 | References 11 | Affected Software 3

Positive Technologies
added 2025/11/17 12:0 a.m. | 5 views

PT-2025-47419

CVE-2025-13216 - Apache HTTP Server Remote Code Execution
CVE ID: CVE-2025-13216
Published: Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago
Description: Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptio...

AI score 7.3
Exploits 0 | References 1

OpenVAS
added 2025/11/17 12:0 a.m. | 5 views

Mageia: Security Advisory (MGASA-2025-0299)

The remote host is missing an update for the...

CVSS 8.8 | AI score 6.8 | EPSS 0.01495
Exploits 1 | References 4

OpenVAS
added 2025/11/17 12:0 a.m. | 6 views

Mageia: Security Advisory (MGASA-2025-0296)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.8 | EPSS 0.63258
Exploits 1 | References 5

OpenVAS
added 2025/11/17 12:0 a.m. | 2 views

Mageia: Security Advisory (MGASA-2025-0293)

The remote host is missing an update for the...

CVSS 5.3 | AI score 6.8 | EPSS 0.02164
Exploits 0 | References 4

Mageia
added 2025/11/15 7:52 p.m. | 7 views

Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default. CVE-2025-48734...

CVSS 8.8 | AI score 7 | EPSS 0.01495
Exploits 1 | References 2

OSV
added 2025/11/15 7:52 p.m. | 7 views

MGASA-2025-0299 Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default. CVE-2025-48734...

CVSS 8.8 | AI score 6.5 | EPSS 0.01495
Exploits 1 | References 3

OSV
added 2025/11/15 7:11 a.m. | 4 views

MGASA-2025-0293 Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability

Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. CVE-2025-48924...

CVSS 5.3 | AI score 6.9 | EPSS 0.02164
Exploits 0 | References 3

Mageia
added 2025/11/15 7:11 a.m. | 6 views

Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

CVSS 7.5 | AI score 6.9 | EPSS 0.63258
Exploits 1 | References 3

Mageia
added 2025/11/15 7:11 a.m. | 6 views

Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability

Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. CVE-2025-48924...

CVSS 5.3 | AI score 6.5 | EPSS 0.02164
Exploits 0 | References 2

OSV
added 2025/11/15 7:11 a.m. | 7 views

MGASA-2025-0296 Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

CVSS 7.5 | AI score 6.9 | EPSS 0.63258
Exploits 1 | References 4

Positive Technologies
added 2025/11/15 12:0 a.m. | 3 views

PT-2025-47117

CVE-2025-65072 - Apache Struts Deserialization Vulnerability
CVE ID: CVE-2025-65072
Published: Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.3
Exploits 0 | References 1

Positive Technologies
added 2025/11/15 12:0 a.m. | 4 views

PT-2025-47099

CVE-2025-65067 - Apache HTTP Server Unvalidated User Input
CVE ID: CVE-2025-65067
Published: Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.4
Exploits 0 | References 1

Positive Technologies
added 2025/11/15 12:0 a.m. | 2 views

PT-2025-47100

CVE-2025-65068 - Apache Struts Command Injection
CVE ID: CVE-2025-65068
Published: Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.8
Exploits 0 | References 1