53 matches found

Chainguard
added 2026/05/06 7:17 p.m. | 13 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: cerbos, opentelemetry-collector-contrib, pgtimetable-fips, timescaledb-parallel-copy, pgwatch, certificate-transparency-fips, caddy-fips, bento, gitlab-kas-fips, gitaly-fips, grafana-fips, peerdb-flow, grafana-alloy, hydra, zitadel, openfga-fips, telegraf,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00356
Exploits: 0
SUSE CVE
added 2026/04/14 11:25 p.m. | 11 views

SUSE CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 3
Wolfi
added 2026/04/11 2:51 a.m. | 9 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: tkn, argo-events, external-secrets-operator, apko, dataplaneapi, gcsfuse, k3s, argocd-image-updater, otel-cli, pulumi-language-java, rancher, yunikorn-k8shim, k8s-device-plugin, swagger, goreleaser, terraform-provider-tls, certificate-transparency, helm-set-status,...

AI score 5.8
Exploits: 0
OSV
added 2026/04/10 8:18 p.m. | 4 views

GHSA-9QQ8-CGCV-QMC9 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary: An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device attestation.
Details: When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 6
CVE
added 2026/04/10 4:34 p.m. | 15 views

CVE-2026-40097

CVE-2026-40097 affects Step CA (online CA for secure, automated certificate management). From version 0.24.0 up to before 0.30.0-rc3, an attacker can trigger an index-out-of-bounds panic during TPM device attestation by sending a crafted attestation key certificate with an empty EKU extension. Sp...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/04/10 4:34 p.m. | 7 views

CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/04/10 12:0 a.m. | 3 views

PT-2026-31991

Name of the Vulnerable Software and Affected Versions: Step CA versions 0.24.0 through 0.30.0-rc3
Description: An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 11
CNNVD
added 2026/04/10 12:0 a.m. | 6 views

Smallstep step-ca input validation error vulnerability

Smallstep step-ca is an online certificate authority for DevOps security and automated certificate management provided by the Smallstep company in the United States. Versions of Smallstep step-ca prior to 0.30.0-rc3 contained a vulnerability related to input validation errors. This vulnerability...

CVSS 3.7 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 4
OSV
added 2026/04/06 2:48 a.m. | 9 views

CLEANSTART-2026-GM09342 Security fixes for CVE-2025-68121, CVE-2026-26958, ghsa-fw7p-63qq-7hpr, ghsa-mqqf-5wvp-8fh8 applied in versions: 0.29.0-r0, 0.29.0-r1

Multiple security vulnerabilities affect the step-ca-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10 | AI score 6.7 | EPSS 0.00765
Exploits: 1 | References: 7
Tenable Nessus
added 2026/03/24 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-30836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
- Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against...

CVSS 10 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 2
OSV
added 2026/03/23 6:14 p.m. | 8 views

GO-2026-4775 step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) in github.com/smallstep/certificates

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) in github.com/smallstep/certificates...

CVSS 10 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 4
SUSE CVE
added 2026/03/22 12:23 a.m. | 3 views

SUSE CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 4
NVD
added 2026/03/19 9:17 p.m. | 14 views

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10 | EPSS 0.00296
Exploits: 0 | References: 3
UbuntuCve
added 2026/03/19 9:17 p.m. | 5 views

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 4
CVE
added 2026/03/19 8:37 p.m. | 6 views

CVE-2026-30836

CVE-2026-30836 affects step-ca (github.com/smallstep/certificates). The issue allows unauthenticated certificate issuance via SCEP UpdateReq (MessageType=18) due to inadequate protection in UpdateReq handling. Affected versions are 0.30.0-rc6 and below; the vulnerability is fixed in version 0.30....

CVSS 10 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/19 8:37 p.m. | 18 views

CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10 | EPSS 0.00296
Exploits: 0 | References: 3
OSV
added 2026/03/19 8:37 p.m. | 9 views

CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/19 4:27 p.m. | 8 views

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Summary: An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks.
Details: SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...

CVSS 10 | AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/03/19 4:27 p.m. | 10 views

EUVD-2026-13200

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)...

CVSS 10 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 3
OSV
added 2026/03/19 4:27 p.m. | 2 views

GHSA-Q4R8-XM5F-56GW step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Summary: An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks.
Details: SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...

CVSS 10 | AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 5