Lucene search

107 matches found

SUSE CVE
added 2026/06/13 2:19 a.m., 7 views

SUSE CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVSS 5.9, AI score 5.7, EPSS 0.00262
Exploits: 0, References: 5

RedHat Linux
added 2026/06/11 1:24 p.m., 7 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

CVSS 5.3, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 4

RedHat Linux
added 2026/06/11 1:9 p.m., 26 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.1, AI score 5.8, EPSS 0.02268
Exploits: 0, References: 16

EUVD
added 2026/06/09 6:30 p.m., 11 views

EUVD-2026-35486

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVSS 5.3, AI score 5.7, EPSS 0.00262
Exploits: 0, References: 6

AlpineLinux
added 2026/06/09 4:3 p.m., 8 views

CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVSS 5.3, AI score 5.7, EPSS 0.00262
Exploits: 0

RedhatCVE
added 2026/06/05 7:21 p.m., 9 views

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, AI score 5.5, EPSS 0.00274
Exploits: 1, References: 1

Oracle linux
added 2026/05/12 12:0 a.m., 17 views

kernel security update

6.12.0-124.56.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

CVSS 8.8, AI score 6, EPSS 0.93235
Exploits: 30

Tenable Nessus
added 2026/04/13 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH...

CVSS 9.1, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 2

EUVD
added 2026/04/10 7:20 p.m., 5 views

EUVD-2026-20876

LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin...

CVSS 9.1, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 3

OSV
added 2026/04/10 7:20 p.m., 4 views

GHSA-C3H3-89QF-JQM5 LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin

Summary A restricted TLS certificate user can escalate to cluster admin by changing their certificate type from client to server via PUT/PATCH to /1.0/certificates/fingerprint. The non-admin guard and reset block in doCertificateUpdate fail to validate or reset the Type field, allowing a...

CVSS 9.1, AI score 5.9, EPSS 0.00274
Exploits: 1, References: 4

NVD
added 2026/04/09 10:16 a.m., 5 views

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, EPSS 0.00274
Exploits: 1, References: 2

UbuntuCve
added 2026/04/09 10:16 a.m., 1 view

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 3

OSV
added 2026/04/09 10:16 a.m., 2 views

UBUNTU-CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 4

Snyk
added 2026/04/09 10:7 a.m., 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

CVSS 9.6, AI score 5.4, EPSS 0.00274
Exploits: 1, References: 2

Snyk
added 2026/04/09 10:7 a.m., 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

CVSS 9.6, AI score 5.4, EPSS 0.00274
Exploits: 1, References: 2

ATTACKERKB
added 2026/04/09 9:22 a.m., 3 views

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, AI score 5.9, EPSS 0.00274
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/04/09 9:22 a.m., 3 views

CVE-2026-34179 Update of type field in restricted TLS certificate allows privilege escalation to cluster admin

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, AI score 5.9, EPSS 0.00274
Exploits: 1, References: 2

CVE
added 2026/04/09 9:22 a.m., 10 views

CVE-2026-34179

CVE-2026-34179 affects Canonical LXD versions 4.12–6.7. The vulnerability is in the doCertificateUpdate function (lxd/certificates.go) where the Type field is not validated for PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, enabling a remote authentica...

CVSS 9.1, AI score 5.9, EPSS 0.00274
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/04/09 9:22 a.m., 26 views

CVE-2026-34179 Update of type field in restricted TLS certificate allows privilege escalation to cluster admin

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, EPSS 0.00274
Exploits: 1, References: 2

Debian CVE
added 2026/04/09 9:22 a.m., 3 views

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1, AI score 5.3, EPSS 0.00274
Exploits: 1