Lucene search
K

728 matches found

CVE
CVE
added 2 hours ago4 views

CVE-2026-59818

etcd prior to versions 3.5.32 and 3.6.13 is vulnerable when listen-client-http-urls splits HTTP and gRPC listeners: the --client-crl-file certificate revocation list is not enforced on the gRPC listener, allowing a client with a revoked certificate to authenticate over gRPC. The issue is fixed in...

6.5CVSS6AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/30 7:49 a.m.30 views

CVE-2026-53434

A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists CRLs for a FFM presumably a specific type of connector, the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 9:16 p.m.4 views

DEBIAN-CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 p.m.10 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS0.00368EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 p.m.4 views

UBUNTU-CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:41 p.m.4 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

5.7AI score0.00368EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.5 views

PT-2026-53742

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M7 through 10.1.55 Apache Tomcat versions 9.0.83 through 9.0.118 Description An issue exists in the FFM-based TLS connector when certificate revocation lists CRLs a...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2026/06/25 9:16 p.m.4 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 p.m.2 views

DEBIAN-CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 9:16 p.m.3 views

UBUNTU-CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 8:18 p.m.6 views

EUVD-2026-39559

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS5.8AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:18 p.m.7 views

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS5.8AI score0.0018EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:18 p.m.5 views

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS5.8AI score0.0018EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:18 p.m.12 views

CVE-2026-6450

CVE-2026-6450 – CRL critical extension bypass : The vulnerability lies in ParseCRL_Extensions where enforcement of critical CRL extensions is insufficient, allowing a crafted CRL with an unhandled critical extension to be accepted. This affects builds with CRL support enabled when the parsed CRL ...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52585

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A critical extension bypass exists in the ParseCRL Extensions function. The issue occurs when critical extensions in a Certificate Revocation List CRL—a list of...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

AlmaLinux 9 : tomcat (ALSA-2026:26323)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26323 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description block...

7.5CVSS7.3AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 5:23 p.m.2 views

USN-8447-3 google-guest-agent vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...

10CVSS6.1AI score0.00513EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/06/22 5:23 p.m.4 views

USN-8447-3: Google Guest Agent vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...

10CVSS6.2AI score0.00513EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Go Cryptography vulnerabilities (USN-8447-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8447-1 advisory. It was discovered that Go Cryptography did not properly handle SSH global request responses. ...

10CVSS6.3AI score0.00513EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in curl

Curl versions 7.41.0 through 7.73.0 are vulnerable to a flaw related to improper checks for certificate revocation, due to insufficient verification of the OCSP response...

7.5CVSS6.8AI score0.04575EPSS
Exploits1References1
Rows per page
Query Builder