Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:49 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.1 Vulnerability Details CVEID:CVE-2024-27043 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal...

8.8CVSS10AI score0.02224EPSS
Exploits3Affected Software1
OpenVAS
OpenVAS
added 2024/11/06 12:0 a.m.54 views

openSUSE Security Advisory (SUSE-SU-2024:3911-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS7.6AI score0.97781EPSS
Exploits17References3
RedhatCVE
RedhatCVE
added 2024/09/26 9:44 p.m.8 views

CVE-2024-7594

A flaw was found in Hashicorp Vault. Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s...

7.5CVSS7.3AI score0.00269EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/26 7:52 p.m.9 views

CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 2024/09/26 7:52 p.m.288 views

CVE-2024-7594

CVE-2024-7594 affects Vault’s SSH secrets engine. By default, if the fields valid_principals and default_user are not configured, an SSH certificate requested by an authorized user could authenticate as any user on the host. This is mitigated by upgrading to Vault Community Edition 1.17.6 or Vaul...

8.8CVSS7.8AI score0.00269EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/26 7:52 p.m.17 views

CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

7.5CVSS0.00269EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/09/26 7:32 p.m.8 views

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Summary Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be...

8.8CVSS6.9AI score0.00269EPSS
Exploits0Affected Software1
Rows per page
Query Builder