Lucene search
K

873 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007107)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007107 advisory. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake...

10CVSS5.9AI score0.00765EPSS
Exploits1References4
OSV
OSV
added 2026/04/09 9:31 p.m.4 views

GHSA-24J9-X2WG-9QV6 Apache Tomcat: CLIENT_CERT authentication does not fail as expected

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/09 9:31 p.m.5 views

EUVD-2026-21059

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

5.8AI score0.00469EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.18 views

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/04/09 9:31 p.m.6 views

EUVD-2026-21011

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

5.8AI score0.00715EPSS
Exploits2References2
OSV
OSV
added 2026/04/09 9:31 p.m.4 views

GHSA-95JQ-RWVF-VJX4 Apache Tomcat: CLIENT_CERT authentication does not fail as expected

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References10
NVD
NVD
added 2026/04/09 8:16 p.m.11 views

CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS0.00469EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 8:16 p.m.1 views

DEBIAN-CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.3AI score0.00469EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 8:16 p.m.9 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS0.00715EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.6 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.4 views

CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 8:16 p.m.11 views

UBUNTU-CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References4
OSV
OSV
added 2026/04/09 8:16 p.m.8 views

UBUNTU-CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/09 7:36 p.m.4 views

CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.2AI score0.00469EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/09 7:36 p.m.6 views

CVE-2026-34500 Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

5.8AI score0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 7:36 p.m.36 views

CVE-2026-34500 Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

0.00469EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 7:36 p.m.47 views

CVE-2026-34500

CVE-2026-34500 affects Apache Tomcat, where CLIENT_CERT authentication may bypass non-failing behavior in scenarios with soft fail disabled and FFM . Affected versions are: Tomcat 11.0.0-M14 through 11.0.20, 10.1.22 through 10.1.53, and 9.0.92 through 9.0.116. The issue is resolved by upgrading t...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/09 7:36 p.m.2 views

CVE-2026-34500 Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS6.6AI score0.00469EPSS
Exploits0References4
Apache Tomcat
Apache Tomcat
added 2026/04/09 7:20 p.m.8 views

Fixed in Apache Tomcat Native Connector 2.0.14 / 1.3.7

Moderate: OCSP checks sometimes soft-fail even when soft-fail is disabled CVE-2026-29145 CLIENTCERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. This was fixed with commit bcea0ac2 2.0.x and 204f7f8a 1.3.x. This issue was reported to the Tomc...

9.1CVSS5.8AI score0.00715EPSS
Exploits2Affected Software1
CVE
CVE
added 2026/04/09 7:20 p.m.129 views

CVE-2026-29145

CVE-2026-29145 describes an authentication bypass in Apache Tomcat mutual TLS (CLIENT_CERT) when OCSP soft-fail is disabled. Affected are Tomcat 11.0.0-M1–11.0.18, 10.1.0-M7–10.1.52, and 9.0.83–9.0.115, plus Tomcat Native 1.1.23–1.1.34, 1.2.0–1.2.39, 1.3.0–1.3.6, and 2.0.0–2.0.13. With OCSP failu...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References2Affected Software2
Rows per page
Query Builder