2077 matches found
UBUNTU-CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734
CVE-2026-24734 is an Improper Input Validation vulnerability affecting Apache Tomcat Native and Apache Tomcat itself. When using an OCSP responder, Tomcat Native (and the Tomcat Native FFM port) may not perform verification or freshness checks on OCSP responses, potentially allowing certificate r...
CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
Fixed in Apache Tomcat Native Connector 2.0.12 / 1.3.5
Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat Native did complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue was reported to the Tomcat security team on 2 November...
GHSA-HR7J-63V7-VJ7G Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
Summary Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...
Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
Summary Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...
Apache Tomcat和Apache Tomcat Native 输入验证错误漏洞
Apache Tomcat and Apache Tomcat Native are both products of the Apache Foundation in the United States. Apache Tomcat is a lightweight web application server that supports Servlet and JavaServer Page JSP technologies. Apache Tomcat Native is a native component library. There is an input validatio...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be bypassed. Remediation Upgrade org.apache.tomcat:tomcat-coyote-ffm to version...
Incorrect Authorization
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be...
SUSE CVE-2026-1237
Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...
SUSE CVE-2026-20883
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...
BIT-GITEA-2026-20883 Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...
BIT-GITEA-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
BIT-GITEA-2026-0798 Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...
Fixed in Apache Tomcat 10.1.52
Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 10.1.0-M7 to 10.1.51 This issue...
Fixed in Apache Tomcat 11.0.18
Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 11.0.0-M1 to 11.0.17 This issue...
Fixed in Apache Tomcat 9.0.115
Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. Affects: 9.0.83 to 9.0.114 This issue wa...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...