Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)

Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...

Atlassian Jira Service Management Data Center and Server 10.0.1 < 10.3.20 / 10.4.0 < 11.3.5 (JSDSERVER-16587)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16587 advisory. - This Improper Encoding, or Escaping of Output vulnerability, allows an unauthenticated attacker to...

CVE-2026-34483 vulnerabilities

Vulnerabilities for packages: thingsboard...

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

Security update for tomcat10

This update for tomcat10 fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

SUSE-SU-2026:1572-1 Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...

Security update for tomcat10 (important)

openSUSE security update: security update for tomcat10 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20612-1 Rating: important References: bsc1258371 bsc1261850 bsc1261851 bsc1261852 bsc1261853 bsc1261854 bsc1261855 bsc1261856 bsc1261857...

OPENSUSE-SU-2026:20595-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

Apache Tomcat 11.0.0.M14 < 11.0.21 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.21. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.21security-11 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusteri...

tomcat11-11.0.21-1.1 on GA media (moderate)

tomcat11-11.0.21-1.1 on GA media Announcement ID: openSUSE-SU-2026:10549-1 Rating: moderate Cross-References: CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVSS scores: CVE-2026-24880 SUSE : 4....

CVE-2026-34483 vulnerabilities

Vulnerabilities for packages: nacos-docker, ontop-fips, kayenta, thingsboard, camunda, camunda-zeebe, kayenta-fips, ontop, nacos...

CVE-2026-34483

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

CVE-2022-34483

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...

SUSE CVE-2024-34483

OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service infinite loop via OFPBucket.len=0...