8 matches found
CVE-2026-11718
An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-42276)
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvmemapdata is called when request has physical segments, hence the nvmeunmapdata should have same condition to avoid dereference. This plugin only works with...
CVE-2024-42276
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvmemapdata is called when request has physical segments, hence the nvmeunmapdata should have same condition to avoid dereference...
CVE-2024-42276 nvme-pci: add missing condition check for existence of mapped data
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvmemapdata is called when request has physical segments, hence the nvmeunmapdata should have same condition to avoid dereference...
CVE-2024-42276 nvme-pci: add missing condition check for existence of mapped data
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvmemapdata is called when request has physical segments, hence the nvmeunmapdata should have same condition to avoid dereference...
CVE-2024-42276 nvme-pci: add missing condition check for existence of mapped data
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvmemapdata is called when request has physical segments, hence the nvmeunmapdata should have same condition to avoid dereference...
CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...
CVE-2023-52770 f2fs: split initial and dynamic conditions for extent_cache
In the Linux kernel, the following vulnerability has been resolved: f2fs: split initial and dynamic conditions for extentcache Let's allocate the extentcache tree without dynamic conditions to avoid a missing condition causing a panic as below. create a file w/ a compressed flag disable the...