6 matches found
CVE-2026-45041 RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TESTPRIVATEKEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...
CVE-2026-45041
CVE-2026-45041 affects RustFS prior to 1.0.0-beta.2, where crates/appauth/src/token.rs embeds a 2048-bit RSA private key (TEST_PRIVATE_KEY) as a string constant and uses it in production to verify licenses. This allows anyone who can read the source or extract the key from binaries to mint arbitr...
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...
CVE-2023-21409 Insufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAP
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application...
CVE-2023-21409 Insufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAP
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application...
CVE-2023-21408 Insufficient file permissions leak user credentials of 3rd party integration interfaces in AXIS License Verifier ACAP
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems...