34 matches found

RedHat Linux
added 2026/02/09 9:44 a.m. | 2 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00026
Exploits: 0 | References: 4

RedHat Linux
added 2026/02/09 1:32 a.m. | 3 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00026
Exploits: 0 | References: 4

OSV
added 2026/02/06 9:30 p.m. | 2 views

GHSA-27JC-JMP8-QFW5 Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...

CVSS: 9.4 | AI score: 5.4 | EPSS: 0.00026
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/06 7:13 p.m. | 2 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS: 9.4 | AI score: 5.4 | EPSS: 0.00026
Exploits: 0 | References: 6

Cvelist
added 2026/02/06 7:13 p.m. | 26 views

CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVSS: 9.4 | EPSS: 0.00026
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-7027

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00717
Exploits: 0 | References: 5

RedhatCVE
added 2025/08/08 2:31 a.m. | 2 views

CVE-2025-54632

Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.00071
Exploits: 0 | References: 1

Cvelist
added 2025/08/06 2:19 a.m. | 3 views

CVE-2025-54632

Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVSS: 6.8 | EPSS: 0.00071
Exploits: 0 | References: 1

CVE
added 2025/08/06 2:19 a.m. | 16 views

CVE-2025-54632

CVE-2025-54632 affects Huawei HarmonyOS/HVB module. The connected documents indicate the vulnerability stems from insufficient data length verification in the HVB module, with potential impact on service integrity (I/H, A/H), as reflected in multiple CVSS vectors (base scores 4.6–6.8). Exploitati...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00071
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2025/05/29 5:56 p.m. | 3 views

CVE-2025-46823 OpenMRS has Vulnerability in FHIR2 Module Privileges

openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.00323
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 11:24 p.m. | 3 views

CVE-2022-39898

Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim...

CVSS: 4 | AI score: 4.4 | EPSS: 0.00018
Exploits: 0 | References: 1

Tenable Nessus
added 2024/03/27 12:0 a.m. | 34 views

Fedora 39 : perl-Data-UUID (2024-a58a7e2388)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a58a7e2388 advisory. This update fixes CVE-2013-4184 possible symlink attack due to use of predictable temporary file names. The module no longer saves state in temporary files a...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00049
Exploits: 0 | References: 2

Vulnrichment
added 2022/12/09 12:0 a.m. | 4 views

CVE-2022-44790

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists...

AI score: 7.7 | EPSS: 0.00876
Exploits: 0 | References: 1

CNNVD
added 2022/11/05 12:0 a.m. | 1 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker exploits the vulnerability to modify desktop module data...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00082
Exploits: 0 | References: 4

Vulnrichment
added 2022/09/16 5:57 p.m. | 4 views

CVE-2022-39001

The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure...

AI score: 6.8 | EPSS: 0.00192
Exploits: 0 | References: 2

Cvelist
added 2022/01/07 10:39 p.m. | 15 views

CVE-2021-40022

The weaver module has a vulnerability in parameter type verification. Successful exploitation of this vulnerability may affect data confidentiality...

AI score: 7.7 | EPSS: 0.00187
Exploits: 0 | References: 1

OSV
added 2021/06/02 4:49 p.m. | 2 views

DRUPAL-CONTRIB-2021-010

This Open Social distribution provides a turn-key system for building customized social networks. The module doesn't sufficiently process data in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access mentions"...

AI score: 6.7
Exploits: 0 | References: 1

UbuntuCve
added 2019/12/10 3:15 p.m. | 26 views

CVE-2013-4184

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00049
Exploits: 0 | References: 1

RedHat Linux
added 2019/11/07 1:47 p.m. | 2 views

ansible: unsafe template evaluation of returned module data can lead to information disclosure

A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00589
Exploits: 0 | References: 4

RedHat Linux
added 2019/11/06 3:27 p.m. | 1 views

ansible: unsafe template evaluation of returned module data can lead to information disclosure

A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00589
Exploits: 0 | References: 4