Lucene search
+L

24 matches found

osv
osv
added 6 days ago1 views

RLSA-2026:36790 Important: tomcat9 security, bug fix, and enhancement update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

7.5CVSS6.9AI score0.21691EPSS
Exploits6References3
redhat
redhat
added 2026/07/09 8:24 a.m.7 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References5
redhat
redhat
added 2026/07/08 10:12 p.m.5 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References5
redhat
redhat
added 2026/07/08 9:46 p.m.5 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References5
redhat
redhat
added 2026/07/08 4:16 p.m.6 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.2AI score0.21691EPSS
Exploits6References3
ibm
ibm
added 2026/06/24 6:29 p.m.3 views

Security Bulletin: Vulnerabilities found in Watson Data Intelligence

Summary Multiple Vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expecte...

9.8CVSS6.6AI score0.0504EPSS
Exploits3Affected Software1
nessus
nessus
added 2026/05/26 12:0 a.m.11 views

Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103647)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103647 advisory. - This Information Disclosure vulnerability allows an unauthenticated attacker to view sensitive information via an Information Disclosure...

7.5CVSS7.3AI score0.0504EPSS
Exploits1References2
suse
suse
added 2026/04/24 11:48 a.m.6 views

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS5.6AI score0.0504EPSS
Exploits1References40
suse
suse
added 2026/04/24 11:47 a.m.7 views

Security update for tomcat10

This update for tomcat10 fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS5.6AI score0.21691EPSS
Exploits6References40
suse
suse
added 2026/04/23 3:52 p.m.10 views

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS7.4AI score0.21691EPSS
Exploits8References40
osv
osv
added 2026/04/23 3:52 p.m.7 views

SUSE-SU-2026:1572-1 Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...

9.1CVSS8.5AI score0.21691EPSS
Exploits8References21
opensuse
opensuse
added 2026/04/23 12:0 a.m.13 views

Security update for tomcat10 (important)

openSUSE security update: security update for tomcat10 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20612-1 Rating: important References: bsc1258371 bsc1261850 bsc1261851 bsc1261852 bsc1261853 bsc1261854 bsc1261855 bsc1261856 bsc1261857...

8.7CVSS7.4AI score0.21691EPSS
Exploits6References9
osv
osv
added 2026/04/21 11:43 a.m.16 views

OPENSUSE-SU-2026:20595-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.21691EPSS
Exploits8References20
opensuse
opensuse
added 2026/04/15 12:0 a.m.5 views

tomcat-9.0.117-1.1 on GA media (moderate)

tomcat-9.0.117-1.1 on GA media Announcement ID: openSUSE-SU-2026:10547-1 Rating: moderate Cross-References: CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVSS scores: CVE-2026-24880 SUSE : 4.8...

8.7CVSS5.8AI score0.21691EPSS
Exploits8
opensuse
opensuse
added 2026/04/15 12:0 a.m.7 views

tomcat11-11.0.21-1.1 on GA media (moderate)

tomcat11-11.0.21-1.1 on GA media Announcement ID: openSUSE-SU-2026:10549-1 Rating: moderate Cross-References: CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVSS scores: CVE-2026-24880 SUSE : 4....

8.7CVSS6.8AI score0.21691EPSS
Exploits8
osv
osv
added 2026/04/13 5:53 a.m.6 views

BIT-TOMCAT-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References18
redhatcve
redhatcve
added 2026/04/10 7:7 a.m.8 views

CVE-2026-29146

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS5AI score0.0504EPSS
Exploits1References4
nessus
nessus
added 2026/04/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-29146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18,...

7.5CVSS7AI score0.0504EPSS
Exploits1References3
github
github
added 2026/04/09 9:31 p.m.8 views

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References12Affected Software2
osv
osv
added 2026/04/09 8:16 p.m.18 views

UBUNTU-CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References3
Rows per page
Query Builder