Lucene search
K

32 matches found

SUSE CVE
SUSE CVE
โ€ขadded 2026/02/10 12:25 a.m.โ€ข5 views

SUSE CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.5AI score0.05431EPSS
Exploits0References6
RedHat Linux
RedHat Linux
โ€ขadded 2026/02/09 9:44 a.m.โ€ข8 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.05431EPSS
Exploits0References4
Veracode
Veracode
โ€ขadded 2026/02/09 7:31 a.m.โ€ข5 views

Authentication Bypass

Keylime is vulnerable to an Authentication Bypass. The vulnerability is due to missing enforcement of client-side TLS authentication in the Keylime registrar, allowing unauthenticated clients with network access to perform administrative operations such as listing agents, retrieving public TPM...

9.8CVSS5.5AI score0.05431EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
โ€ขadded 2026/02/09 2:49 a.m.โ€ข2 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.05431EPSS
Exploits0References4
RedHat Linux
RedHat Linux
โ€ขadded 2026/02/09 1:32 a.m.โ€ข6 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.05431EPSS
Exploits0References4
OSV
OSV
โ€ขadded 2026/02/06 10:34 p.m.โ€ข3 views

GHSA-4JQP-9QJV-57M2 Keylime Missing Authentication for Critical Function and Improper Authentication

Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...

9.4CVSS5.6AI score0.05431EPSS
Exploits0References9
OSV
OSV
โ€ขadded 2026/02/06 8:16 p.m.โ€ข10 views

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.8AI score0.05431EPSS
Exploits0References6
NVD
NVD
โ€ขadded 2026/02/06 8:16 p.m.โ€ข11 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS0.05431EPSS
Exploits0References6
UbuntuCve
UbuntuCve
โ€ขadded 2026/02/06 8:16 p.m.โ€ข7 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.8AI score0.05431EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2026/02/06 7:13 p.m.โ€ข5 views

CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.9AI score0.05431EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/02/06 7:13 p.m.โ€ข3 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.4AI score0.05431EPSS
Exploits0References6
CVE
CVE
โ€ขadded 2026/02/06 7:13 p.m.โ€ข38 views

CVE-2026-1709

CVE-2026-1709 concerns the Keylime registrar. Affected are 7.12.0 through 7.13.0, where the registrar does not enforce client TLS authentication, enabling unauthenticated network access to administrative endpoints (e.g., listing agents, retrieving public TPM data, deleting agents). Reported CVSS ...

9.8CVSS5.4AI score0.05431EPSS
Exploits0References6Affected Software8
RedhatCVE
RedhatCVE
โ€ขadded 2026/02/06 7:13 p.m.โ€ข7 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.4AI score0.05431EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
โ€ขadded 2026/02/06 12:0 a.m.โ€ข4 views

Linux Distros Unpatched Vulnerability : CVE-2026-1709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This...

9.4CVSS5.5AI score0.05431EPSS
Exploits0References2
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข5 views

EUVD-2023-0106

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00463EPSS
Exploits0References10
Cvelist
Cvelist
โ€ขadded 2025/03/15 8:50 a.m.โ€ข21 views

CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas...

4.3CVSS0.00365EPSS
Exploits0References4
OSV
OSV
โ€ขadded 2025/02/14 6:3 p.m.โ€ข3 views

GHSA-9JXQ-5X44-GX23 Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0

Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions = 7.8.0, raising an exception. This makes the Keylime registrar...

4.3CVSS6.1AI score0.00365EPSS
Exploits0References6
Github Security Blog
Github Security Blog
โ€ขadded 2025/02/14 6:3 p.m.โ€ข9 views

Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0

Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions = 7.8.0, raising an exception. This makes the Keylime registrar...

4.3CVSS6.4AI score0.00365EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2025/02/14 12:0 a.m.โ€ข11 views

PT-2025-6825

Name of the Vulnerable Software and Affected Versions Keylime versions 7.8.0 through 7.12.0 Description The issue arises from the Keylime registrar implementing stricter type checking in version 7.12.0, causing it to reject data formats previously stored in the database by versions 7.8.0 and late...

4.3CVSS5.8AI score0.00365EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
โ€ขadded 2023/09/13 12:0 a.m.โ€ข26 views

Oracle Linux 9 : keylime (ELSA-2023-5080)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5080 advisory. - Fix registrar is subject to a DoS against SSL CVE-2023-38200 Resolves: rhbz2222694 Tenable has extracted the preceding description block directly fro...

7.5CVSS6.9AI score0.01142EPSS
Exploits0References3
Rows per page
Query Builder