8 matches found
UBUNTU-CVE-2026-34500
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
CVE-2026-34500
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
CVE-2026-34500
CVE-2026-34500 affects Apache Tomcat: OCSP/CLIENT_CERT authentication behavior where, in some scenarios, client certificate validation does not fail as expected when soft-fail is disabled and FFM is used. The issue impacts Tomcat versions 11.0.0-M14 through 11.0.20, 10.1.22 through 10.1.53, and 9...
CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...
Envoy Input Validation Error Vulnerability
Envoy is an open source distributed proxy server. Envoy suffers from an input validation error vulnerability that stems from the ability to escalate privileges when failure_mode_allow: true is configured for the ext_authz filter...
Schneider M580 suffers from a denial of service vulnerability (CNVD-2020-04565)
Schneider Electric SA is a global electrical company headquartered in France. A denial of service vulnerability exists in the Schneider M580, which can be exploited by an attacker to cause the PLC to enter a fatal failure mode after sending a well-constructed 0x29 function code data message, whic...
Siemens SIMATIC S7-300 CPU Denial of Service Vulnerability
The Siemens SIMATIC S7-300 CPU is a modular general-purpose controller from Siemens for the manufacturing industry. A denial of service vulnerability exists in the Siemens SIMATIC S7-300 CPU family of devices. By exploiting the vulnerability, an attacker can launch a denial-of-service attack unde...
SA102 : Unified Agent Configuration Changes are not Detected
SUMMARY Configuration files for Unified Agent running in local enforcement mode can be modified by administrators on the client. Configuration files can be modified to unblock categories or to disable Unified Agent entirely. AFFECTED PRODUCTS Unified Agent --- CVE | Affected Versions | Remediatio...