Lucene search
K

746 matches found

Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56612

Name of the Vulnerable Software and Affected Versions etcd versions prior to 3.5.32 etcd versions prior to 3.6.13 Description etcd is a distributed key-value store for the data of a distributed system. When configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto...

6.5CVSS6.1AI score0.00364EPSS
Exploits0References14
OSV
OSV
added 6 days ago5 views

BIT-TOMCAT-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23,...

9.1CVSS6AI score0.00368EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: fr...

9.1CVSS6AI score0.00368EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled...

5.3CVSS6AI score0.0018EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 9:16 p.m.5 views

UBUNTU-CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 8:41 p.m.46 views

CVE-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

0.00368EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:41 p.m.117 views

CVE-2026-53434

CVE-2026-53434 affects Apache Tomcat when CRLs are configured for a FFM-based connector. The root cause is a failure to detect an error condition without action, potentially bypassing security checks. Affected versions include Tomcat 11.0.0-M1 through 11.0.22, 10.1.0-M7 through 10.1.55, and 9.0.8...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:41 p.m.8 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS5.7AI score0.00368EPSS
Exploits0
OSV
OSV
added 2026/06/25 9:16 p.m.3 views

UBUNTU-CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:18 p.m.22 views

CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:18 p.m.7 views

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS5.8AI score0.0018EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52585

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A critical extension bypass exists in the ParseCRL Extensions function. The issue occurs when critical extensions in a Certificate Revocation List CRL—a list of...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:2396-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2396-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References23
OSV
OSV
added 2026/06/15 3:5 p.m.8 views

SUSE-SU-2026:2399-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delt...

8.8CVSS8.3AI score0.02719EPSS
Exploits0References16
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2622 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may resul...

9.8CVSS9.1AI score0.01059EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2620 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may resul...

8.1CVSS9AI score0.01059EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2619 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may resul...

9.8CVSS9.1AI score0.01059EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 8:39 a.m.11 views

CVE-2026-6899 Improper Check for Certificate Revocation in S2OPC

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

5.6CVSS5.5AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47721

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

5.6CVSS5.5AI score0.00108EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2026-2258)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the require...

8.1CVSS8.3AI score0.01059EPSS
Exploits0References5
Rows per page
Query Builder