Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Tenable Nessus
Tenable Nessusadded 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-6224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the netwo...

6.5CVSS5.9AI score0.00088EPSS
Exploits1References2
Snyk
Snykadded 2025/07/01 5:35 p.m.1 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the cert.NewLeaf function. An attacker can obtain sensitive private key material by intercepting certificates transmitted in plaintext during a TLS handshake, allowing impersonation of eith...

7.1CVSS6.6AI score0.00088EPSS
Exploits1References2
Snyk
Snykadded 2025/07/01 5:35 p.m.2 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the cert.NewLeaf function. An attacker can obtain sensitive private key material by intercepting certificates transmitted in plaintext during a TLS handshake, allowing impersonation of eith...

7.1CVSS6.8AI score0.00088EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2025/07/01 5:35 p.m.13 views

juju/utils leaks private key in certs

Summary Certs generated by v4 contain their private key. Details Background Recently, I encountered an API in Go that’s easy to misuse: sha512.Sum384 and sha512.New384.Sum look very similar and behave very differently. https://go.dev/play/p/kDCqqoYk84k demonstrates this. I want to discuss extendi...

6.5CVSS7.1AI score0.00088EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2025/07/01 10:39 a.m.2 views

CVE-2025-6224 Key leakage in juju/utils certificates

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it...

6.5CVSS6.5AI score0.00088EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/07/01 10:39 a.m.6 views

CVE-2025-6224 Key leakage in juju/utils certificates

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it...

6.5CVSS0.00088EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2025/07/01 12:0 a.m.1 views

PT-2025-27515 · Unknown · Juju Utils

Name of the Vulnerable Software and Affected Versions: juju/utils affected versions not specified Description: The issue concerns the generation of certificates in juju/utils using the cert.NewLeaf function, which could potentially include private information. If such a certificate is transferred...

6.5CVSS5.9AI score0.00088EPSS
Exploits1References13
Rows per page
Query Builder