Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: keys: Fixed the issue where the expiration time of a key was overwritten during instantiation, causing it to become permanent. This issue causes problems with DNS resolution, as the expiration time set by user-space is overwritte...

9.8CVSS6.2AI score0.00747EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 7:59 p.m.8 views

CLSA-2026-1778766810 samba: Fix of CVE-2023-0922

CVE-2023-0922: set default ldap client sasl wrapping to seal - Refresh samba-pubkeyAA99442FB680B620.gpg expiry extended to 2027-12-12...

5.9CVSS6.5AI score0.00484EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 9:31 a.m.5 views

EUVD-2026-12544

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:37 a.m.1 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/17 6:37 a.m.33 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS0.00152EPSS
Exploits0References1
Veeam
Veeam
added 2026/03/16 12:0 a.m.24 views

How to Manually Update GPG key on Veeam Appliances

Article Applicability This article is specifically regarding the Veeam Appliances used in conjunction with Veeam Backup & Replication 13. Including the Veeam Software Appliance, Veeam Infrastructure Appliance, and Veeam Hardened Repository deployed from the Veeam Infrastructure Appliance. For...

5.7AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990735 advisory. In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionall...

9.8CVSS6AI score0.00747EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47416

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2025/09/08 2:13 p.m.4 views

GO-2025-3921 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder...

7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/28 7:36 p.m.8 views

Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token

Summary If users log in to Coder via OIDC, and the OpenID Identity Provider does not return a refresh token, then Coder may allow their web session to continue beyond the expiration of the token returned by the OpenID Identity Provider. Details When a user logs in via OIDC, Coder stores the OIDC...

6.6AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.9 views

CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS7AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 2024/07/26 11:8 a.m.6 views

OESA-2024-1897 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: PCI: ofproperty: Return error for intmap allocation failure Return -ENOMEM from ofpcipropintrmap if kcalloc fails to prevent a NULL pointer dereference in this...

9.8CVSS4.6AI score0.00747EPSS
Exploits0References43
NVD
NVD
added 2024/06/25 1:15 p.m.23 views

CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/25 1:2 p.m.29 views

CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS0.00161EPSS
Exploits0References2
CVE
CVE
added 2024/06/25 1:2 p.m.54 views

CVE-2024-6299

Conduit versions prior to v0.8.0 are affected by CVE-2024-6299 due to improper handling of key expiry during signature validation. An attacker who has compromised an expired key can forge requests to the remote server and craft PDUs with timestamps past expiry. The root cause is lack of considera...

4.8CVSS4.7AI score0.00161EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/25 12:0 a.m.7 views

PT-2024-37521 · Conduit · Conduit

Name of the Vulnerable Software and Affected Versions: Conduit affected versions not specified Description: The issue is related to the lack of consideration of key expiry when validating signatures in Conduit. This allows an attacker who has compromised an expired key to forge requests as the...

4.8CVSS6.9AI score0.00161EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/06/01 2:24 a.m.3 views

SUSE CVE-2024-36031

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set ...

5.5CVSS6.7AI score0.00747EPSS
Exploits0References13
OSV
OSV
added 2024/05/30 4:15 p.m.1 views

DEBIAN-CVE-2024-36031

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set ...

9.8CVSS5.6AI score0.00747EPSS
Exploits0References1
OSV
OSV
added 2024/05/30 4:15 p.m.1 views

UBUNTU-CVE-2024-36031

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set ...

9.8CVSS6.2AI score0.00747EPSS
Exploits0References24
Rows per page
Query Builder