Security Vulnerabilities
The Uniffle HTTP client is configured to trust all SSL certificates and
disables hostname verification by default. This insecure configuration
exposes all REST API communication between the Uniffle CLI/client and the
Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.
This issue affects all versions from before 0.10.0.
Users are recommended to upgrade to version 0.10.0, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-01-07
Cryptographic issue may occur while encrypting license data.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-01-07
Memory corruption while processing a secure logging command in the trusted application.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory corruption while processing identity credential operations in the trusted application.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory Corruption when multiple threads concurrently access and modify shared resources.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-01-07
Memory corruption while preprocessing IOCTLs in sensors.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-07
Memory corruption while parsing clock configuration data for a specific hardware type.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-07
Memory corruption while performing sensor register read operations.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-01-07