CVE-2026-24408

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. OAuthSession creates a unique "state" and sends it as a parameter in the authentication request bu...

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...

SUSE CVE-2009-3620

The ATI Rage 128 aka r128 driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine CCE state initialization, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly gain privileges via unspecified ioctl...

SUSE CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...