Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.13 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.4AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.21 views

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/02 12:31 a.m.24 views

EUVD-2026-33817

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.14 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:22 p.m.10 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/01 9:22 p.m.31 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:22 p.m.9 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45616

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 Description Private key exposure occurs when the server inadvertently reveals Elliptic Curve EC private keys through the public '/token keys'...

10CVSS5.8AI score0.00346EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Cloud Foundry UAA 安全漏洞

Cloud Foundry UAA is an identity verification and management service terminal designed for the CloudFoundry platform by the Cloud Foundry Foundation in the United States. There is a security vulnerability in Cloud Foundry UAA, which stems from the exposure of private keys. This vulnerability may...

10CVSS5.3AI score0.00346EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2026/05/14 12:0 a.m.7 views

CVE-2026-40965 - UAA EC Private Key Disclosure via token_keys JSON Response | Cloud Foundry

10.0 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L 10.0 / Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contain...

10CVSS5.8AI score0.00346EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:26 p.m.8 views

CVE-2026-42576

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

6.5CVSS5.7AI score0.00252EPSS
Exploits0References4Affected Software1
Oracle linux
Oracle linux
added 2026/05/05 12:0 a.m.16 views

openssh security update

8.7p1-49.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-49 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in...

8.1CVSS6AI score0.00419EPSS
Exploits0
OSV
OSV
added 2026/05/04 9:25 p.m.11 views

GHSA-M7HM-VM4X-28JF apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery

DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/04 9:25 p.m.9 views

apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery

DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:1 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography [CVE-2026-26007]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography, due to a condition where the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey...

8.2CVSS6.4AI score0.00341EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.9 views

PT-2026-7473

Name of the Vulnerable Software and Affected Versions cryptography versions prior to 46.0.5 Description The public key from numbers or EllipticCurvePublicNumbers.public key, EllipticCurvePublicNumbers.public key, load der public key, and load pem public key functions do not validate that the...

8.2CVSS5.3AI score0.00341EPSS
Exploits0References364
OSV
OSV
added 2026/02/06 3:54 p.m.7 views

OESA-2026-1300 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

8.4CVSS5.8AI score0.00421EPSS
Exploits1References2
OSV
OSV
added 2026/01/27 7:16 p.m.6 views

AZL-76146 CVE-2026-24882 affecting package gnupg2 for versions less than 2.4.0-3

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...

8.4CVSS6.2AI score0.00421EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 6:40 p.m.7 views

CVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...

8.4CVSS5.6AI score0.00421EPSS
Exploits1References9
Packet Storm News
Packet Storm News
added 2025/10/16 12:0 a.m.32 views

AEX-NStep: Probabilistic Interrupt Counting Attacks on Intel SGX

To mitigate interrupt-based stepping attacks notably using SGX-Step, Intel introduced AEX-Notify, an ISA extension to Intel SGX that aims to prevent deterministic single-stepping. In this work, we introduce AEX-NStep, the first interrupt counting attack on AEX-Notify-enabled Enclaves. We show tha...

6.8AI score
Exploits0
Rows per page
Query Builder