Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2026-1758)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1758 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...

Medium: libsoup

Issue Overview: OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection,...

PT-2026-26586

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip multipart parse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

RHEL 8 : libsoup (RHSA-2026:2396)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2396 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Signed to Unsigned Conversion Error Leadi...

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Security Bulletin: Vulnerabilities in Apache Tomcat Server (CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-49125, CVE-2025-48988, CVE-2025-46701, CVE-2025-31651, CVE-2025-31650) affect Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomca...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.106.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.106.jar Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...

MGASA-2025-0223 Updated tomcat packages fix vulnerabilities

APR/Native Connector crash leading to DoS. CVE-2025-52434 DoS via integer overflow in multipart file upload. CVE-2025-52520 DoS via excessive h2 streams at connection start. CVE-2025-53506 H2 DoS - Made You Reset. CVE-2025-48989...

Security update for tomcat11

This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318...

SUSE-SU-2025:02979-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318...

Security update for tomcat10

This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.43i: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability...

K000153092: Apache Tomcat vulnerabilities CVE-2025-52520 and CVE-2025-49125

Security Advisory Description CVE-2025-52520 For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42,...

OESA-2025-1896 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Concurrent Execution using Shar...

CVE-2024-5950

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...