[SECURITY] Fedora 42 Update: dotnet9.0-9.0.116-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Fedora 42 : dotnet9.0 (2026-ac43e01af9)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ac43e01af9 advisory. Update to .NET SDK 9.0.116 and Runtime 9.0.15 Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116 Release Notes: - SDK:...

MiracleLinux 8 : dotnet9.0-9.0.116-1.el8_10 (AXSA:2026-500:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-500:08 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203...

Apache Tomcat 9.0.113 < 9.0.116 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.116. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.116security-9 advisory. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled...

Oracle Linux 10 : .NET / 9.0 (ELSA-2026-8472)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8472 advisory. 9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163396 Tenable has extracted t...

Oracle Linux 8 : .NET / 9.0 (ELSA-2026-8475)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8475 advisory. 9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163389 Tenable has extracted th...

RHEL 9 : .NET 9.0 (RHSA-2026:8474)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8474 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

BIT-TOMCAT-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.0.0 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended t...

BIT-TOMCAT-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...

BIT-TOMCAT-2026-32990 Apache Tomcat: Fix for CVE-2025-66614 is incomplete

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

PT-2026-32438

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0...

Linux Distros Unpatched Vulnerability : CVE-2026-25854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat:...

Linux Distros Unpatched Vulnerability : CVE-2026-24880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects...

Linux Distros Unpatched Vulnerability : CVE-2026-32990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through...

EUVD-2026-21056

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

GHSA-563X-Q5RQ-57QP Apache Tomcat has an HTTP Request/Response Smuggling vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

Apache Tomcat has an Open Redirect vulnerability

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

CVE-2026-29129

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

UBUNTU-CVE-2026-24880

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...