46 matches found
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...
GHSA-XM5M-WGH2-RRG3 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...
PT-2026-32611
Name of the Vulnerable Software and Affected Versions Sigstore Timestamp Authority versions prior to 2.0.6 Description An authorization bypass exists in the timestamp-authority/v2/pkg/verification package. The VerifyTimestampResponse function correctly verifies the certificate chain signature, bu...
SUSE CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753 Improper Certificate Validation in rfc3161-client
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753
CVE-2026-33753 affects the Python library rfc3161-client (prior to 1.0.6). The vulnerability arises in the library’s signature verification when extracting the leaf certificate from an unordered PKCS#7 bag of certificates, enabling an attacker to append a forged certificate that matches the targe...
ALPINE-CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:0331-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0331-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE...
Medium: runfinch-finch
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Missing Linux Kernel mitigations for 'TSA' hardware vulnerabilities (AMD-SB-7029)
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
TencentOS Server 3: httpd:2.4 (TSSA-2025:0816)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0816 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-8861 Changing|TSA - Missing Authentication
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...
Changing TSA 访问控制错误漏洞
Changing TSA is a timestamp server from Panorama Changing Corporation in Taiwan, China. Changing TSA suffers from an Access Control Error vulnerability that stems from a lack of authentication, which could allow an unauthenticated, remote attacker to read, modify, and delete database contents...
Facial recognition: Where and how you can opt out
Our remote team recently took a trip to our Estonian office. When we arrived from our various destinations, we started chatting about how our travel had been. Our senior privacy advocate, David Ruiz, mentioned that he'd opted out of facial recognition while at San Francisco International Airport...
CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
Juice jacking warnings are back, with a new twist
Remember juice jacking? It's a term that crops up every couple of years to worry travelers. This spring has seen another spate of stories, including a new, more sophisticated form of attack. But how much of a threat is it, really? Juice jacking is where an attacker uses a malicious public USB...
SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember KCM. KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated la...
tsa-uk.org.uk Cross Site Scripting vulnerability OBB-3937325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Chocolate Swiss Army Knife
Its realistic looking. If I drop it in a bin with my keys and wallet, will the TSA confiscate it?...