
2575 matches found

RedHat Linux
added 2024/03/05 8:23 a.m. · 59 views

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 · AI score 6.7 · EPSS 0.01614
Exploits: 2 · References: 3

RedHat Linux
added 2024/03/05 8:23 a.m. · 4 views

gnutls: rejects certificate chain with distributed trust

A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...

CVSS 7.5 · AI score 7.4 · EPSS 0.01408
Exploits: 1 · References: 6

CNNVD
added 2024/03/05 12:0 a.m. · 4 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control...

CVSS 6.5 · AI score 6.8 · EPSS 0.00173
Exploits: 0 · References: 4

Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-40951 · Crates.Io · Linkme

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Software affected versions not specified Description: The issue allows populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of ty...

AI score 6.9
Exploits: 0 · References: 4

CNNVD
added 2024/02/29 12:0 a.m. · 3 views

South River WebDrive Security Vulnerability

South River WebDrive is a software from South River that can map cloud storage or enterprise file servers to local drives. A security vulnerability exists in South River WebDrive version 18.00.5057 that stems from the component New Secure WebDAV that causes a denial of service...

CVSS 5.5 · AI score 6.4 · EPSS 0.00366
Exploits: 1 · References: 4

RedHat Linux
added 2024/02/27 2:24 a.m. · 68 views

Low: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containers

Red Hat OpenShift distributed tracing 3.1.0 Red Hat Product Security has rated this update as having a security impact of "Low". A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVSS 7.3 · AI score 6.7 · EPSS 0.00797
Exploits: 1 · References: 13

Amazon
added 2024/02/19 12:0 a.m. · 3 views

Medium: gnutls

Issue Overview: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to...

CVSS 7.5 · AI score 6.8 · EPSS 0.01408
Exploits: 1

NVD
added 2024/02/09 12:15 a.m. · 11 views

CVE-2024-24825

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

CVSS 9.1 · AI score 9.1 · EPSS 0.00534
Exploits: 0 · References: 2

PyPA
added 2024/02/09 12:15 a.m. · 7 views

PYSEC-2024-125

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

CVSS 9.1 · AI score 6.7 · EPSS 0.00534
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2024/02/09 12:15 a.m. · 8 views

Design/Logic Flaw

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

CVSS 5 · AI score 7.2 · EPSS 0.00534
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2024/02/08 11:39 p.m. · 46 views

CVE-2024-24825

DIRAC’s TokenManager vulnerability (CVE-2024-24825) affects DIRAC before version 8.0.37, allowing any user to obtain a token requested by another user/agent and potentially expose resources. The issue is fixed in 8.0.37; upgrade to that release. Other sources (GitHub advisory GHSA-59qj-jcjv-662j...

CVSS 9.1 · AI score 7.3 · EPSS 0.00534
Exploits: 0 · References: 2 · Affected Software: 1

GitLab Advisory Database
added 2024/02/08 12:0 a.m. · 20 views

DIRAC's TokenManager does not check permissions on cached tokens

Any user could get a token that has been requested by another user/agent...

CVSS 9.1 · AI score 8.3 · EPSS 0.00534
Exploits: 0 · References: 7 · Affected Software: 1

Prion
added 2024/01/30 5:15 p.m. · 13 views

Information disclosure

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

CVSS 4 · AI score 7.3 · EPSS 0.03084
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2024/01/30 5:14 p.m. · 30 views

Improper Verification Of Cryptographic Signature

gnutls is vulnerable to Improper Verification Of Cryptographic Signature. The vulnerability is due to improper handling of certificate chains with distributed trust, particularly when used with cockpit and validated through cockpit-certificate-ensure. This allows an unauthenticated attacker to...

CVSS 7.5 · AI score 6.7 · EPSS 0.01408
Exploits: 1 · References: 15 · Affected Software: 1

CVE
added 2024/01/30 4:46 p.m. · 61 views

CVE-2024-24565

Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...

CVSS 6.5 · AI score 6.4 · EPSS 0.03084
Exploits: 1 · References: 2 · Affected Software: 1

Wallarm Lab
added 2024/01/30 1:58 p.m. · 14 views

Kafka vs RabbitMQ

An Intro to Kafka and RabbitMQ: The Masters of Messaging In the realm of messaging systems, two names stand out: Kafka and RabbitMQ. These two powerhouses have become the go-to solutions for developers and organizations looking to handle high-volume, real-time data processing and messaging. But...

AI score 7.2
Exploits: 0

RedHat Linux
added 2024/01/29 11:46 a.m. · 2 views

gnutls: rejects certificate chain with distributed trust

A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...

CVSS 7.5 · AI score 6.8 · EPSS 0.01408
Exploits: 1 · References: 6

Microsoft CVE
added 2024/01/19 8:0 a.m. · 5 views

Gnutls: rejects certificate chain with distributed trust

...

CVSS 7.5 · AI score 6.7 · EPSS 0.01408
Exploits: 1

SUSE CVE
added 2024/01/17 2:45 a.m. · 2 views

SUSE CVE-2024-0567

A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...

CVSS 5.9 · AI score 5.6 · EPSS 0.01408
Exploits: 1 · References: 6

Ubuntu
added 2024/01/16 4:50 p.m. · 58 views

USN-6559-1: ZooKeeper vulnerabilities

It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2019-0201 Damien Diederen discovered that ZooKeeper...

CVSS 9.1 · AI score 6.9 · EPSS 0.09634
Exploits: 0