10036 matches found
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
CVE-2025-66598
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVR...
CVE-2025-66598
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVR...
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
PT-2026-7172
Name of the Vulnerable Software and Affected Versions SumatraPDF versions 3.5.0 through 3.5.2 Description SumatraPDF’s update process has a flaw where TLS hostname verification is disabled INTERNET FLAG IGNORE CERT CN INVALID and installers are executed without signature verification. This allows...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls. This vulnerability stems from the possibility of remote, unverified attackers sending specially crafted...
Yokogawa FAST/TOOLS 安全漏洞
Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 version up to R10.04. These vulnerabilities stem from the support for older versions of SSL/TLS, which...
PT-2026-7193
Name of the Vulnerable Software and Affected Versions Cube versions 1.1.17 through 1.5.12 and 1.4.1 Description Cube, a semantic layer for building data applications, is susceptible to a condition where a specially crafted request to a Cube API endpoint can render the entire Cube API unavailable...
Cube 安全漏洞
Cube is a semantic layer developed by Cube OpenSource for building data applications. Versions of Cube from 1.1.17 to 1.5.13, as well as 1.4.2, contained security vulnerabilities. These vulnerabilities stemmed from the possibility of the entire API service becoming unavailable when specially...
Critical: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...
ALSA-2026:2224 Critical: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...
RHEL 10 : keylime (RHSA-2026:2298)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2298 advisory. Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime:...
CVE-2025-61730
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
SUSE CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
CVE-2026-25644 DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...
Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...
GHSA-27JC-JMP8-QFW5 Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...
CVE-2026-1709
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
CVE-2026-1709
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
EUVD-2026-5599
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...