9 matches found
PYSEC-2025-77
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...
EUVD-2019-13494
Malware in sbrugna...
CVE-2022-39199
immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and...
CVE-2022-24781
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists...
CVE-2022-39199 Lack of proper validation in immudb
immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and...
CVE-2022-24781
Geon (board game) is affected by an authorization issue where malicious users can obtain another user’s uuid, spoof it in the browser console, and take co-ownership of a target session. The root cause is an insecure handling of session ownership tied to UUIDs, enabling session takeover without au...
CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected...
CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected...
CVE-2019-3884
CVE-2019-3884 affects atomic-openshift garbage collection; cross-namespace UUID spoofing can delete children. Affected: OpenShift/atomic-openshift versions 3.6–4.1. Remediation in Red Hat advisory RHSA-2020:5634: upgrade OpenShift Container Platform to 4.7.0 (and apply the listed fixes). Other do...