473 matches found
Astra Linux - уязвимость в linux
The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP does not require that all fragments of a frame be encrypted with the same key. An adversary can exploit this weakness to decrypt selected fragments when another device sends fragmented...
Astra Linux - уязвимость в apache2
An integer overflow occurs when attempting to renew an ACME certificate. After several attempts approximately 30 days under default configurations, the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...
[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
The Latest Push to Extend Key US Spy Powers Is Still a Mess
A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors...
GHSA-P49J-V9WC-WG57 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
Impact OpenBao's namespaces provide multi-tenant separation. A tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. Patches This was addressed in v2.5.3...
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
Background OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Token renewals for other authentication methods do not require any supplied login...
GHSA-7CCV-RP6M-RFFR OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
Background OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Token renewals for other authentication methods do not require any supplied login...
EUVD-2026-24029
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate...
CVE-2026-40264
A flaw was found in OpenBao. OpenBao's multi-tenant separation feature allows a privileged administrator in one tenant to revoke or renew a token belonging to another tenant if that token's accessors are leaked. This unauthorized token management could lead to a denial of service for the affected...
CVE-2026-39388
A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with disablebinding=true, the system incorrectly verifies the presented mTLS mutual Transport Layer Security certificate. This vulnerability allow...
SUSE CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disablebinding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...
Improper Restriction of Security Token Assignment
Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...
CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, a tenant that leaks token accessors could have their token revoked or renewed by a privileged administrator in another tenant. This cross-namespace exposure is mitigated in version 2.5.3. The CVE entry not...
CVE-2026-39388 OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
CVE-2026-39388
OpenBao (open source identity-based secrets management) prior to version 2.5.3 contains a flaw in the Certificate authentication method: when a token renewal is requested with disable_binding=true, the system attempts to verify that the presented mTLS certificate matches the original. Due to inco...