Lucene search
+L

47 matches found

OSV
OSV
added 2026/04/09 7:19 p.m.1 views

CVE-2026-29129 Apache Tomcat: TLS cipher order is not preserved

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

7.5CVSS5.9AI score0.00259EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/08 9:0 p.m.3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm which may arise due to improper preservation of the configured cipher preference order. An attacker who can...

8.2CVSS5.8AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-31698

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.16 through 11.0.18 Apache Tomcat versions 10.1.51 through 10.1.52 Apache Tomcat versions 9.0.114 through 9.0.115 Description An issue exists in Apache Tomcat where the configured cipher preference order is not...

7.5CVSS5.8AI score0.0504EPSS
Exploits1References81
Apache Tomcat
Apache Tomcat
added 2026/03/23 12:0 a.m.8 views

Fixed in Apache Tomcat 10.1.53

Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 4d0615a5. This issue was reported to the Tomcat security team o...

9.1CVSS6.7AI score0.0504EPSS
Exploits3Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/03/20 12:0 a.m.15 views

Fixed in Apache Tomcat 11.0.20

Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 021d1f83. This issue was reported to the Tomcat security team o...

9.1CVSS6.7AI score0.0504EPSS
Exploits3Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/03/20 12:0 a.m.11 views

Fixed in Apache Tomcat 9.0.116

Moderate: The fix forCVE-2025-66614 was incomplete CVE-2026-32990 The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This was fixed with commit 95f77782. This issue was reported to the Tomcat security team o...

9.1CVSS6.7AI score0.0504EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.30 views

openSUSE Security Update : lighttpd (openSUSE-SU-2012:0240-1)

This update of lighttpd fixes an out-of-bounds read due to a signedness error which could cause a Denial of Service CVE-2011-4362. Additionally an option was added to honor the server cipher order resolves lighttpd2364. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

5CVSS6.3AI score0.23076EPSS
Exploits8References3
Rows per page
Query Builder