EUVD-2016-4718

Malware in sbrugna...

EUVD-2024-51611

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-28053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration...

SUSE CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

UBUNTU-CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

CVE-2024-13454

CVE-2024-13454 affects Easy-RSA versions 3.0.5 through 3.1.7. The root cause is a weak encryption algorithm when the private CA key is created using OpenSSL 3, enabling a local attacker to more easily bruteforce the private CA key. Impact is limited to confidentiality/integrity of the CA key as i...

CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

DEBIAN-CVE-2020-28053

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

Code injection

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

PT-2017-8411 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue allows local users to obtain the CA key due to a problem in the pulp-qpid-ssl-cfg script. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

Information disclosure

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

Fedora 24 : pulp / pulp-docker / pulp-ostree / pulp-puppet / pulp-python / etc (2016-4373f7d32a)

2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs : - CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg - CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this...