8 matches found
PT-2026-22574
Name of the Vulnerable Software and Affected Versions CGM CLININET system affected versions not specified Description The CGM CLININET system uses smart card authentication, but authentication happens locally on the client device. Instead of verifying the smart card and private key, only the...
Linux Distros Unpatched Vulnerability : CVE-2024-38825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The salt.auth.pki module does not properly authenticate callers. The password field contains a public certificate which is validated against a CA certificate by...
CVE-2024-38825
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
UBUNTU-CVE-2024-38825
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
CVE-2024-23218
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS1 v1.5 ciphertexts without having the...
Apple tvOS Security Breach
Apple tvOS is a smart TV operating system from Apple. A security vulnerability exists in Apple tvOS version 17.3, which allows an attacker to decrypt old RSA PKCS ciphertexts without a private key...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...