CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: gitsign, tekton-chains, kubescape, tkn, slsa-verifier, falcoctl, falco, falcoctl-fips, neuvector-sigstore-interface, flux-source-controller, spire-server, apko, skaffold, policy-controller, aactl, ko, melange, wolfictl, tkn-fips, policy-controller-fips, vexctl,...
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: apko, falcoctl, flux-source-controller, spire-server, wolfictl, zarf, falco, tekton-chains, goreleaser, vexctl, policy-controller, skaffold, aactl, melange, tkn, kubescape, zot, gitsign, neuvector-sigstore-interface, ko, slsa-verifier...
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: apko, falcoctl, flux-source-controller, spire-server, wolfictl, zarf, falco, tekton-chains, goreleaser, vexctl, policy-controller, skaffold, aactl, melange, tkn, kubescape, zot, gitsign, neuvector-sigstore-interface, ko, slsa-verifier...
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: gitsign, tekton-chains, kubescape, tkn, slsa-verifier, falcoctl, falco, falcoctl-fips, neuvector-sigstore-interface, flux-source-controller, spire-server, apko, skaffold, policy-controller, aactl, ko, melange, wolfictl, tkn-fips, policy-controller-fips, vexctl,...
CVE-2024-31995 zcap has incomplete expiration checks in capability chains.
@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...
GHSA-HP8H-7X69-4WMV zcap has incomplete expiration checks in capability chains.
Impact When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...
Deserialization of Untrusted Data in timber/timber
Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the file_exists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...
SUSE-SU-2024:1179-1 Security update for gnutls
This update for gnutls fixes the following issues: Security issues fixed: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). - CVE-2024-0567: Fixed an incorrect rejection of...
Denial Of Service
go is vulnerable to Denial Of Service. The vulnerability is due to insufficient handling of certificate chains containing certificates with unknown public key algorithms...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: oauth2-proxy, sigstore-scaffolding, apko, falcoctl, rabbitmq-messaging-topology-operator, grpc-health-probe, cloudflared, rook, flux-source-controller, argo-workflows, cosign, spire-server, weaviate, fulcio, wolfictl, zarf, temporal-ui-server, kots, dex, falco, step,...
BIT-NEO4J-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
BIT-GOLANG-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...
NIST Cybersecurity Framework 2.0
NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...
CVE-2023-52469 drivers/amd/pm: fix a use-after-free in kv_parse_power_table
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call...
OESA-2024-1184 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...
OESA-2024-1187 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...
OESA-2024-1185 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...