2921 matches found
DEBIAN-CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
UBUNTU-CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
CVE-2026-29146
Summary of CVE-2026-29146 : The Padding Oracle flaw in Apache Tomcat’s EncryptInterceptor affects multiple Tomcat lines: 11.0.0-M1..11.0.18, 10.0.0-M1..10.1.52, 9.0.13..9.0.115, 8.5.38..8.5.100, and 7.0.100..7.0.109. Root cause: during a fix, EncryptInterceptor.messageReceived() was refactored so...
CVE-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
CVE-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
SUSE-SU-2026:21018-1 Security update for ovmf
This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...
OPENSUSE-SU-2026:20499-1 Security update for ovmf
This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...
SUSE-SU-2026:21161-1 Security update for ovmf
This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from the padding used in PKCS7 CBC decryption. This vulnerability could allo...
PT-2026-31817
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. The interior padding...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the EncryptInterceptor class, which defaults to CBC mode. An attacker can obtain sensitive information via padding oracle. Remediation Upgrade org.apache.tomcat:tomcat-tribes to versio...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006613)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006613 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure...
PT-2026-30479
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exceptio...
CVE-2026-33691
A flaw was found in the OWASP core rule set CRS, a set of generic attack detection rules for web application firewalls. A remote attacker could exploit this vulnerability by inserting whitespace padding into filenames during file uploads. This bypasses the file extension checks, allowing the uplo...
OWASP CRS Arbitrary File Upload
A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...
CVE-2026-34610
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...
CVE-2026-33691
The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...