Unity Linux 20.1070e Security Update: mod_http2 (UTSA-2025-986109)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986109 advisory. In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: apache-commons-fileupload (UTSA-2025-279266)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-279266 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-986107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986107 advisory. Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41,...
Unity Linux 20.1070e Security Update: apache-commons-beanutils (UTSA-2025-589226)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-589226 advisory. Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using t...
Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987458)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987458 advisory. SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely...
Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986123)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986123 advisory. Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the fail...
Unity Linux 20.1070e Security Update: apache-commons-lang (UTSA-2025-986100)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986100 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from...
Fixed in Apache Tomcat 10.1.47
Low: Delayed cleaning of multipart upload temporary files may lead to DoS (CVE-2025-61795). If an error occurred, including exceeding limits, during the processing of a multipart upload, temporary copies of the uploaded parts written to local storage were not cleaned up immediately but left for the...
Fixed in Apache Tomcat 11.0.12
Low: Delayed cleaning of multipart upload temporary files may lead to DoS (CVE-2025-61795). If an error occurred, including exceeding limits, during the processing of a multipart upload, temporary copies of the uploaded parts written to local storage were not cleaned up immediately but left for the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: apache-commons-vfs (UTSA-2025-984774)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984774 advisory. Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' paramete...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-986094)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986094 advisory. For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue...
Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986128)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986128 advisory. Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitte...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-986105)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986105 advisory. Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This wa...
CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
CVE-2025-61735
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
Incorrect Default Permissions
org.apache.dolphinscheduler, dolphinscheduler is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper default access settings in the application, which allows an attacker to gain unauthorized access or perform unintended actions within the system...
Apache Subversion Security Vulnerability
Apache Subversion is an open source version control system from the American Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). A security vulnerability exists in versions prior to Apache Subversion 2 that stems from post-release reuse during SANM decoding...
KLA89720 DoS vulnerability in Apache Tomcat
A denial of service vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: Fixed in Apache Tomcat 9.0.110. Related products: Apache-Tomcat. CVE list: CVE-2025-61795 (high). Solution: Update to the latest version Tomcat 9.0...
RockyLinux 10 : apache-commons-beanutils (RLSA-2025:9166)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9166 advisory. commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default (CVE-2025-48734). Tenable has extract...