Vulnerabilities > Keylime

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-38201 A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration.
low complexity
keylime redhat fedoraproject
6.5
2023-07-24 CVE-2023-38200 Excessive Iteration vulnerability in multiple products
A flaw was found in Keylime.
network
low complexity
keylime redhat fedoraproject CWE-834
7.5
2023-07-19 CVE-2023-3674 A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason.
local
low complexity
keylime fedoraproject
2.8
2022-11-22 CVE-2022-3500 A vulnerability was found in keylime.
local
high complexity
keylime redhat fedoraproject
5.1
2022-09-21 CVE-2021-43310 Authentication Bypass by Spoofing vulnerability in Keylime
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier.
network
low complexity
keylime CWE-290
critical
9.8
2022-09-21 CVE-2022-23948 Unspecified vulnerability in Keylime
A flaw was found in Keylime before 6.3.0.
network
low complexity
keylime
7.5
2022-09-21 CVE-2022-23949 Authentication Bypass by Spoofing vulnerability in Keylime
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
network
low complexity
keylime CWE-290
7.5
2022-09-21 CVE-2022-23950 Exposure of Resource to Wrong Sphere vulnerability in Keylime
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
network
low complexity
keylime CWE-668
7.5
2022-09-21 CVE-2022-23951 Unspecified vulnerability in Keylime
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
local
low complexity
keylime
5.5
2022-09-21 CVE-2022-23952 Unspecified vulnerability in Keylime
In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.
network
low complexity
keylime
7.5