Lucene search
K

1073 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.11 views

RHCOS 2 : node.js (RHSA-2015:1546)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1546 advisory. - SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack CVE-2014-3566 Note that Nessus has not tested for this issue but has instead...

4.3CVSS6.8AI score0.99999EPSS
Exploits7References4
Amazon
Amazon
added 2026/04/30 12:0 a.m.10 views

Medium: tomcat

Issue Overview: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0...

9.1CVSS5.7AI score0.03494EPSS
Exploits2
OSV
OSV
added 2026/04/27 6:33 p.m.14 views

JLSEC-2026-218 In situations where an attacker receives automated notification of the success or failure of a...

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS6.1AI score0.03838EPSS
Exploits0References44
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/21 12:0 a.m.6 views

Security update for ovmf (moderate)

openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20499-1 Rating: moderate References: bsc1252441 Cross-References: CVE-2025-59438 CVSS scores: CVE-2025-59438 SUSE : 5.5...

5.7CVSS5.7AI score0.0024EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.9 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1413-1 advisory. This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.14 views

Apache Tomcat 10.1.50 < 10.1.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.53security-10 advisory. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled...

9.1CVSS6.4AI score0.03494EPSS
Exploits2References14
SUSE Linux
SUSE Linux
added 2026/04/16 1:34 p.m.9 views

Security update for ovmf

This update for ovmf fixes the following issue: CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.7CVSS5.8AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 1:34 p.m.6 views

SUSE-SU-2026:1413-1 Security update for ovmf

This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.12 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2026/04/13 4:1 p.m.3 views

BIT-TOMCAT-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.0.0 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended t...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References8
Mageia
Mageia
added 2026/04/12 5:23 a.m.9 views

Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

9.1CVSS5.8AI score0.15831EPSS
Exploits6References11
OSV
OSV
added 2026/04/12 5:23 a.m.7 views

MGASA-2026-0095 Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

9.1CVSS5.8AI score0.15831EPSS
Exploits6References12
SUSE CVE
SUSE CVE
added 2026/04/10 11:26 p.m.10 views

SUSE CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/04/10 7:7 a.m.7 views

CVE-2026-29146

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS5AI score0.03494EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/10 12:30 a.m.6 views

EUVD-2026-21235

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.9AI score0.00111EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-5504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 11:17 p.m.11 views

DEBIAN-CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

5.3CVSS5.3AI score0.00111EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 11:17 p.m.7 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 11:17 p.m.10 views

UBUNTU-CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 10:33 p.m.23 views

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS0.00111EPSS
Exploits0References1
Rows per page
Query Builder