FreeBSD-SA-24:19.fetch
FreeBSD-SA-24:19.fetch Security Advisory, The FreeBSD Project. Topic: Certificate revocation list fetch(1) option fails. Category: core. Module: fetch. Announced: 2024-10-29...
PT-2024-40052 · Unknown · Openrefine
Name of the Vulnerable Software and Affected Versions: OpenRefine version 3.8.2 Description: The issue concerns the exposure of Google API authentication keys, specifically the client id and client secret, within OpenRefine releases. These keys can be extracted from released artifacts, such as th...
PT-2024-10027
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a race condition between the laundromat handling of revoked delegations and a client sending a free stateid operation in the Linux kernel's NFS server. This can...
PT-2025-14098
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.31; MongoDB Server versions prior to 6.0.20; MongoDB Server versions prior to 7.0.16; MongoDB Server versions prior to 8.0.4 Description: A MongoDB server running on Linux with TLS and CRL revocation status...
A vulnerability in the HDMI component of the Linux operating system's kernel allows a malfunction to occur, leading to service failure.
The vulnerability of the HDMI component in the Linux operating system is related to the cancellation of device code registration when binding is revoked. Exploiting this vulnerability can allow an attacker to cause a service failure...
A vulnerability in the StrongSwan client's revocation VPN plugin, related to uncontrolled resource consumption, allows an attacker to trigger a service failure.
The vulnerability in the StrongSwan client's revocation VPN plugin is related to uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service interruptions...
GO-2023-1897 HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault
HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
GO-2024-3006 The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd
The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd...
GHSA-P78H-M8PV-G9GM Apereo CAS vulnerable to credential leaks for LDAP authentication
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity o...
DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight
Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight in how it verified whether a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificate...
DigiCert Certificate Revocations
Update 9:00 a.m., EDT, July 31, 2024: DigiCert has provided updated information and revocation timelines which can be found by visiting: https://status.digicert.com/. CISA encourages customers to contact DigiCert if unable to reissue/rekey certificates by the updated revocation...
AZL-47549 CVE-2024-41092 affecting package kernel for versions less than 6.6.43.1-7
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...
CVE-2024-41092
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...
UBUNTU-CVE-2024-41092
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...
CVE-2024-41092 drm/i915/gt: Fix potential UAF by revoke of fence registers
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...
GHSA-V8WX-V5JQ-QHHW The Argo CD web terminal session does not handle the revocation of user permissions properly
In Argo CD v2.11.3 and earlier, even if the user's p, role:myrole, exec, create, */*, allow permissions are revoked, the user can still send any WebSocket message, which allows the user to view sensitive information even though they shouldn't have such access. Description Argo CD has ...
The Argo CD web terminal session does not handle the revocation of user permissions properly
In Argo CD v2.11.3 and earlier, even if the user's p, role:myrole, exec, create, */*, allow permissions are revoked, the user can still send any WebSocket message, which allows the user to view sensitive information even though they shouldn't have such access. Description Argo CD has ...