456 matches found
GO-2025-4107 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt...
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
...
EUVD-2025-38216
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...
GHSA-GGP9-C99X-54GP KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...
Information Disclosure
OpenBao is vulnerable to an Information Disclosure Vulnerability. The vulnerability is due to a regression in audit log redaction, where raw HTTP request bodies for ACME and OIDC issuer endpoints are not properly HMAC-redacted, allowing short-lived ACME verification codes, authentication response...
CVE-2025-34280
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...
[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
CVE-2025-34280
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...
A Comparative Study of Hybrid Post-Quantum Cryptographic X.509 Certificate Schemes
As quantum computing hardware continues to advance, the integration of such technology with quantum algorithms is anticipated to enable the decryption of ciphertexts produced by RSA and Elliptic Curve Cryptography ECC within polynomial time. In response to this emerging threat, the U.S. National...
[SECURITY] Fedora 43 Update: openssl-3.5.4-1.fc43
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
EUVD-2025-35626
OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...
[SECURITY] Fedora 41 Update: openssl-3.2.6-2.fc41
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
EUVD-2018-1157
Malware in sbrugna...
EUVD-2015-4125
Malware in sbrugna...
EUVD-2000-1061
Malware in sbrugna...
EUVD-2018-8026
Malware in sbrugna...
EUVD-2020-27349
Malware in sbrugna...
EUVD-2014-3089
Malware in sbrugna...
EUVD-2013-6461
Malware in sbrugna...
EUVD-2000-1062
Malware in sbrugna...