3549 matches found
CVE-2025-34209 Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
kernel security update
4.18.0-553.77.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
kernel security update
5.14.0-570.49.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...
CVE-2025-0663
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
Oracle Linux 10 : kernel (ELSA-2025-16354)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16354 advisory. 6.12.0-55.34.1.0.1 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Add new Oracle Linux Driver Signing key 1 certificate Orabug:...
CVE-2025-0663
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
CVE-2025-0663
Summary: CVE-2025-0663 describes a cross-tenant authentication vulnerability in multiple WSO2 products due to a single cryptographic key used across all tenants to sign authentication cookies in Adaptive Authentication. This design flaw can allow a privileged user in one tenant to forge cookies f...
CVE-2025-0663 Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
kernel security update
5.14.0-570.46.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...
kernel security update
4.18.0-553.76.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
CVE-2025-54807
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...
CVE-2025-59339
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...
CVE-2025-54807
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...
CVE-2025-54807 Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...
CVE-2025-54807 Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...
PT-2025-38480
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The secret used for validating authentication tokens is hardcoded in device firmware. An attacker who obtains the signing key can bypass authentication, gaining...
CVE-2025-43331
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data...
GHSA-255V-QV84-29P5 DragonFly's manager generates mTLS certificates for arbitrary IP addresses
Impact A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if...
CVE-2025-59339
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...
CVE-2025-59339
CVE-2025-59339 affects The Bastion’s session-recording workflow: the osh-encrypt-rsync script rotates and encrypts ttyrec files using GPG keys, but it silently fails to apply signatures even when signing is requested. This can undermine data integrity of archived ttyrec files. Affected component ...