CVE-2024-41092 drm/i915/gt: Fix potential UAF by revoke of fence registers
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915: Running...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...
GHSA-V8WX-V5JQ-QHHW The Argo CD web terminal session does not handle the revocation of user permissions properly
Argo CD v2.11.3 and before, discovering that even if the user's p, role:myrole, exec, create, /, allow permissions are revoked, the user can still send any Websocket message, which allows the user to view sensitive information. Even though they shouldn't have such access. Description Argo CD has ...
CVE-2024-41666 The Argo CD web terminal session does not handle the revocation of user permissions properly.
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to...
RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System RHCS is a complete implementation of an enterprise software system designed to manage enterprise Public Key Infrastructure...
kernel update
4.18.0-553.5.1.el810.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...
RHEL 7 : freeradius (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer...
RHEL 5 : freeradius (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freeradius: Out-of-bounds write in radcoalesce CVE-2017-10979 - modules/rlmunix/rlmunix.c in FreeRADIUS...
GitLab 7.7 < 13.0.12 / 13.1 < 13.1.6 / 13.2 < 13.2.3 (CVE-2020-13294)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. CVE-2020-13294 Note that Nessus has not tested for this issue but has instead...
GitLab 7.11 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13302)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a us...
RHEL 6 : thunderbird (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - thunderbird: Memory corruption when processing S/MIME messages CVE-2021-43529 - thunderbird: Crafted emai...
GLSA-202405-08 : strongSwan: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-08 strongSwan: Multiple Vulnerabilities - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger...
RHEL 6 : openstack-keystone (RHSA-2013:1285)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1285 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...
CVE-2024-23560
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...
CVE-2024-23560 HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...
CVE-2024-23560
The CVE-2024-23560 issue affects HCL DevOps Deploy / HCL Launch, arising from incomplete revocation of permissions when deleting a custom security resource type. Public details indicate potential integrity impact (I=HIGH) with no confidentiality/availability impact; CVSS base scores are MEDIUM. N...
HCL Technologies HCL Launch Security Vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from the...