27 matches found
CVE-2026-12715
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...
CVE-2026-12715 Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2023-46673 DESCRIPTION: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling...
[SECURITY] Fedora 44 Update: rust-reqsign-0.20.0-1.fc44
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
OPENSUSE-SU-2025:20138-1 Security update for act
This update for act fixes the following issues: - CVE-2025-47913: Prevent panic in embedded golang.org/x/crypto/ssh/agent client when receiving unexpected message types for key listing or signing requests boo1253608...
SUSE SLES15 Security Update : buildah (SUSE-SU-2025:4229-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4229-1 advisory. - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or...
[SECURITY] Fedora 41 Update: rust-reqsign-core-2.0.1-1.fc41
Signing API requests without effort...
[SECURITY] Fedora 43 Update: rust-reqsign-0.18.1-1.fc43
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
[SECURITY] Fedora 43 Update: rust-reqsign-core-2.0.0-1.fc43
Signing API requests without effort...
GHSA-5V8F-XX9M-WJ44 Elasticsearch stores private key on disk unencrypted
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
CVE-2024-23444 Elasticsearch elasticsearch-certutil csr fails to encrypt private key
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
CVE-2024-23444 Elasticsearch elasticsearch-certutil csr fails to encrypt private key
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
K15970: GnuTLS 3.x vulnerability CVE-2014-8564
Security Advisory Description The gnutlseccansix963export function in gnutlsecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service out-of-bounds write via a crafted 1 Elliptic Curve Cryptography ECC certificate or 2...
SUSE CVE-2014-8564
The gnutlseccansix963export function in gnutlsecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service out-of-bounds write via a crafted 1 Elliptic Curve Cryptography ECC certificate or 2 certificate signing requests CSR,...
HashiCorp Consul 安全漏洞
HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp Consul and Consul Enterprise versions...
CVE-2021-43399
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device...
ForgeCert - "Golden" Certificates
ForgeCert uses the BouncyCastle C API and a stolen Certificate Authority CA certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ...
Security Advisory YSA-2021-04 | Yubico
The YubiHSM library that is included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests and some data operations received from the YubiHSM 2...
CVE-2014-8564
The gnutlseccansix963export function in gnutlsecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service out-of-bounds write via a crafted 1 Elliptic Curve Cryptography ECC certificate or 2 certificate signing requests CSR,...
gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC Elliptic Curve Cryptography certificates or certificate signing requests CSR. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application...