7 matches found
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.1 Vulnerability Details CVEID:CVE-2024-27043 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal...
openSUSE Security Advisory (SUSE-SU-2024:3911-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-7594
A flaw was found in Hashicorp Vault. Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s...
CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
CVE-2024-7594
CVE-2024-7594 affects Vault’s SSH secrets engine. By default, if the fields valid_principals and default_user are not configured, an SSH certificate requested by an authorized user could authenticate as any user on the host. This is mitigated by upgrading to Vault Community Edition 1.17.6 or Vaul...
CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Summary Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be...