Dahua IPC Security Vulnerability
Dahua IPC is a series of industrial control computers produced by Dahua Corporation in China. There is a security vulnerability in Dahua IPC. This vulnerability stems from the possibility of obtaining the CA root certificate. If this CA is installed and trusted on the client system, an attacker c...
Apache CXF Security Vulnerability
Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from LDAP injection in the XKMS...
Incorrect Authorization
Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Incorrect Authorization in the configuration for SSL certificate and key file paths due to incorrect option name checks. An attacker can gain unauthorized...
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...
MiracleLinux 3 : NetworkManager-0.7.0-9.2.AXS3 (AXSA:2010-124:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-124:01 advisory. NetworkManager attempts to keep an active network connection available at all times. It is intended only for the desktop use-case, and is not intende...
CVE-2016-10797
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133)...
Security Bulletin: Vulnerabilities in gnutls affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products
Summary: Vulnerabilities in gnutls affect IBM Storage Virtualize products and could cause denial of service, confidentiality and integrity impacts (CVE-2025-32988, CVE-2025-32989). Vulnerability Details: CVEID: CVE-2025-32988. DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability exists ...
CVE-2025-8915
The CVE-2025-8915 entry concerns Kiloview N30 firmware version 2.02.246 that contains a hardcoded TLS private key and certificate. This insecure artifact enables a malicious actor to perform a network-based Man-in-the-Middle attack. The vulnerability is characterized by a high impact on confident...
EUVD-2020-24754
Malware in sbrugna...
EUVD-2011-2742
Malware in sbrugna...
SUSE CVE-2024-5148
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...
UBUNTU-CVE-2024-5148
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...
GNOME Remote desktop Security Vulnerability
GNOME Remote desktop is remote desktop software from the open-source GNOME project. A security vulnerability exists in GNOME Remote desktop that stems from insufficient authentication of the session agent, resulting in the system RDP TLS certificates and keys being potentially exposed to unauthorized users...
(0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code on the target environment in order to exploit this vulnerability. The specific flaw exists within the handling of certificates...
EJBCA Authorization Issues Vulnerability
EJBCA is an open source Public Key Infrastructure (PKI) and Certificate Authority (CA) software from Keyfactor Open Source. A security vulnerability exists in Keyfactor EJBCA versions prior to 8.0.0 that stems from the presence of an authentication issue that results in the disclosure of CA...
PT-2023-24766 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.13.4. Description: The issue arises when Gateway API is enabled in Cilium, allowing an attacker on an affected cluster to leverage the absence of a check on the namespace in which a ReferenceGrant is created. This...
Vulnerability fixed in IBM QRadar SIEM
A vulnerability has been fixed in IBM QRadar SIEM. QRadar SIEM copies certificate files used for SSL/TLS in the QRadar Web interface to hosts in the implementation that do not need the key. Misuse of this can lead to possible access to the admin web server key. IBM has released updates to fix the...
Contec CONPROSYS HMI System Security Vulnerability
Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec, Japan. A security vulnerability exists in CONPROSYS HMI System (CHS), which originates from improper access control, and can be exploited ...
CVE-2022-40234
Versions of IBM Spectrum Protect Plus prior to 10.1.12 excluding 10.1.12 include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private ke...
CVE-2022-20230
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...