Lucene search
+L

519 matches found

RedHat Linux
RedHat Linux
added 2026/02/09 1:32 a.m.8 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.05431EPSS
Exploits0References4
OSV
OSV
added 2026/02/06 8:16 p.m.10 views

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.8AI score0.05431EPSS
Exploits0References6
NVD
NVD
added 2026/02/06 8:16 p.m.11 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS0.05431EPSS
Exploits0References6
CVE
CVE
added 2026/02/06 7:13 p.m.43 views

CVE-2026-1709

CVE-2026-1709 concerns the Keylime registrar. Affected are 7.12.0 through 7.13.0, where the registrar does not enforce client TLS authentication, enabling unauthenticated network access to administrative endpoints (e.g., listing agents, retrieving public TPM data, deleting agents). Reported CVSS ...

9.8CVSS5.4AI score0.05431EPSS
Exploits0References6Affected Software8
EUVD
EUVD
added 2026/02/06 7:13 p.m.5 views

EUVD-2026-5599

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.3AI score0.05431EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 7:13 p.m.6 views

CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.9AI score0.05431EPSS
Exploits0References9
OSV
OSV
added 2026/02/06 3:54 p.m.10 views

OESA-2026-1301 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

8.4CVSS5.8AI score0.00421EPSS
Exploits1References2
OSV
OSV
added 2026/02/06 3:54 p.m.6 views

OESA-2026-1302 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

8.4CVSS5.8AI score0.00421EPSS
Exploits1References2
OSV
OSV
added 2026/02/06 3:54 p.m.8 views

OESA-2026-1300 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

8.4CVSS5.8AI score0.00421EPSS
Exploits1References2
NVD
NVD
added 2026/02/05 5:16 p.m.8 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:16 p.m.7 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 4:58 p.m.5 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2026/02/05 4:58 p.m.27 views

CVE-2026-0714

CVE-2026-0714 (CISA/Red Hat context included) describes a physical-attack vulnerability in certain Moxa industrial computers running Moxa Industrial Linux 3 with TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU over an SPI bus. Exploitation requires invasive physical...

7CVSS5.3AI score0.00115EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:58 p.m.8 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00222EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/05 4:58 p.m.34 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.11 views

Moxa Industrial Linux 安全漏洞

Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...

7CVSS5.8AI score0.00222EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/02/04 12:0 a.m.3 views

The vulnerability in the function vtpm_module_init() of the drivers/char/tpm/tpm_vtpm_proxy.c driver module allows a hacker to cause a service failure. This vulnerability targets Linux operating system-based alphanumeric devices with TPM cores.

The vulnerability of the vtpmmoduleinit function in the drivers/char/tpm/tpmvtpmproxy.c driver for Linux’s alphanumeric device drivers is related to incorrect initialization of resources. Exploiting this vulnerability could allow an attacker to cause service failures...

5.5CVSS6AI score0.00177EPSS
Exploits0References20Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.4 views

SUSE SLES16 Security Update : gpg2 (SUSE-SU-2026:20195-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20195-1 advisory. - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - CVE-2026-24883: deni...

8.4CVSS6AI score0.00447EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/02/02 9:54 p.m.3 views

CVE-2025-36238

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures...

6CVSS5.3AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 9:54 p.m.30 views

CVE-2025-36238 Power System Exposure of Sensitive System Information

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures...

6CVSS0.00155EPSS
Exploits0References1
Rows per page
Query Builder