Lucene search
K

2878 matches found

OSV
OSV
added 2026/04/22 10:52 a.m.8 views

OPENSUSE-SU-2026:20612-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS5.3AI score0.15831EPSS
Exploits6References20
OSV
OSV
added 2026/04/21 11:42 a.m.6 views

SUSE-SU-2026:21366-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.15831EPSS
Exploits6References21
Redos
Redos
added 2026/04/20 12:0 a.m.6 views

ROS-20260420-73-0017

A vulnerability in the SSLCIPHERfind function of the OpenSSL library is related to pointer dereferencing. Exploitation of the vulnerability may allow an attacker acting remotely to cause a denial of service...

5.9CVSS7.1AI score0.00748EPSS
Exploits1
OSV
OSV
added 2026/04/17 1:2 p.m.12 views

OESA-2026-1970 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Inconsistent Interpretation of...

9.1CVSS5.7AI score0.15831EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.13 views

Apache Tomcat 10.1.50 < 10.1.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.53security-10 advisory. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled...

9.1CVSS6.4AI score0.03494EPSS
Exploits2References14
Snyk
Snyk
added 2026/04/15 10:16 a.m.9 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.12 views

Use of a Broken or Risky Cryptographic Algorithm

Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 8:56 a.m.3 views

CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...

9.3CVSS5.8AI score0.00313EPSS
Exploits0References3
CVE
CVE
added 2026/04/15 8:56 a.m.80 views

CVE-2025-14813

CVE-2025-14813 affects BC-JAVA (bcprov) releases prior to 1.84, where the GOSTCTR mode cannot process more than 255 blocks. This vulnerability impacts all core modules using GOSTCTR in bcprov, with a critical impact on confidentiality, integrity, and availability (per CVSS 4.0: AV:L, AC:L, PR:N, ...

9.3CVSS5.8AI score0.00313EPSS
Exploits0References17
OSV
OSV
added 2026/04/14 1:10 p.m.7 views

JLSEC-2026-108 Deno's AES GCM authentication tags are not verified

Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

8.7CVSS5.7AI score0.0024EPSS
Exploits1References7
OSV
OSV
added 2026/04/14 1:10 p.m.3 views

JLSEC-2026-114 Deno node:crypto doesn't finalize cipher

Summary The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC js import crypto from "node:crypto"; const key = crypto.randomBytes32; const iv =...

9.2CVSS5.8AI score0.00195EPSS
Exploits1References4
OSV
OSV
added 2026/04/13 5:53 a.m.3 views

BIT-TOMCAT-2026-29129 Apache Tomcat: TLS cipher order is not preserved

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32440

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/04/12 5:23 a.m.7 views

MGASA-2026-0095 Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

9.1CVSS5.8AI score0.15831EPSS
Exploits6References12
SUSE CVE
SUSE CVE
added 2026/04/10 11:26 p.m.4 views

SUSE CVE-2026-29129

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

4.8CVSS5.8AI score0.00259EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/10 7:7 a.m.4 views

CVE-2026-29129

A flaw was found in Apache Tomcat. This vulnerability occurs when the configured cipher preference order is not preserved. This could allow an attacker to bypass intended security configurations, potentially leading to a weakened security posture or information disclosure. Mitigation Configure...

7.5CVSS5.9AI score0.00259EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/10 6:31 a.m.2 views

EUVD-2026-21305

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if cmac-totalSz != 0 to skip XOR-chaining on the first block where digest is all-zeros and the XOR is a no-op. However, totalSz is word32 and wrap...

8.2CVSS5.9AI score0.0042EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 6:31 a.m.6 views

EUVD-2026-21292

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...

7.6CVSS5.9AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:8 a.m.5 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the wolfSSLEVPCipherFinal process. An attacker can obtain unauthorized access to plaintext data by submitting ciphertext with a forged or incorrect authentication tag, as the tag is not...

8.1CVSS5.8AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:6 a.m.3 views

CVE-2026-5477

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if cmac-totalSz != 0 to skip XOR-chaining on the first block where digest is all-zeros and the XOR is a no-op. However, totalSz is word32 and wrap...

8.2CVSS5.9AI score0.0042EPSS
Exploits0References2
Rows per page
Query Builder