133 matches found
CVE-2026-54099
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
CVE-2026-54099
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
PT-2026-51305
Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where the WICD CSR auto-approver validates that a Certificate Signing Request contains the organizatio...
SUSE-SU-2026:21824-1 Security update for leancrypto
This update for leancrypto fixes the following issues Security issue: - CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when stori...
Exploit for CVE-2026-29000
HackTheBox — Principal Difficulty: Medium OS: Linux...
crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed
...
Linux Distros Unpatched Vulnerability : CVE-2026-31699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmwa...
CVE-2026-31699
A flaw was found in the Linux kernel's crypto: ccp module. A local user could exploit a vulnerability where the system attempts to copy a Certificate Signing Request CSR to userspace even after a Platform Security Processor PSP command has failed. This can lead to a slab-out-of-bounds write,...
CVE-2026-31699
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...
CVE-2026-31699
Technical details about CVE-2026-31699 are not publicly available in the provided documents. Monitor for updates from OSV, Red Hat, SUSE, Debian and other trackers for affected products and fixes.
CVE-2026-31699
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2023-46673 DESCRIPTION: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling...
PT-2026-36329
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the crypto CCP component when retrieving the PEK CSR. If a firmware command fails, specifically due to an invalid length where the userspace buffer is too small, the...
CVE-2026-24070
CVE-2026-24070 describes a local privilege escalation in Native Instruments Native Access. The installer deploys a privileged helper (com.native-instruments.NativeAccess.Helper2) used via XPC to perform actions like copy-file, remove, or set-permissions. The XPC service restricts access to client...
CVE-2022-26481
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request CSR action...
CVE-2025-14823
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...
EUVD-2025-204299
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...
CVE-2025-14823
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...