14 matches found
EUVD-2026-30365
Gradient is a Nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
EUVD-2024-17652
Malicious code in bioql PyPI...
No Limit on Number of Open Sessions / Bad Session Close Behaviour
...
SUSE CVE-2024-1930
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the opensession D-Bus method. For each...
AZL-66105 CVE-2024-1930 affecting package dnf5 for versions less than 5.0.14-3
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the opensession D-Bus method. For each...
CVE-2024-1930
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the opensession D-Bus method. For each...
CVE-2024-1930
The CVE-2024-1930 issue affects dnf5daemon-server and is triggered by an unlimited number of sessions created via the D-Bus open_session() method. Each session spawns a thread, consuming memory (hundreds of MB per session), which can exhaust resources and render the service unable to accept new c...
CVE-2024-1930 No Limit on Number of Open Sessions / Bad Session Close Behaviour
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the opensession D-Bus method. For each...
CVE-2024-1930 No Limit on Number of Open Sessions / Bad Session Close Behaviour
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the opensession D-Bus method. For each...
DNF5 Security Vulnerability
DNF5 is a command-line package manager from the open-source rpm-software-management project. A security vulnerability exists in the DNF5 daemon-server prior to version 5.1.17. It stems from the lack of a limit on the number of open sessions, which allows a malicious user to affect availability...
FlyteAdmin Insufficient AccessToken Expiration Check
Impact: Authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Using flyteadmin as the OAuth2 Authorization Server is unaffected by this issue. Patches: 1.1.30. Workarounds: Rotating signing keys immediately will: Invalidate all...
GHSA-QWRJ-9HMP-GPXH FlyteAdmin Insufficient AccessToken Expiration Check
Impact: Authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Using flyteadmin as the OAuth2 Authorization Server is unaffected by this issue. Patches: 1.1.30. Workarounds: Rotating signing keys immediately will: Invalidate all...
CVE-2022-31145 Insufficient AccessToken Expiration Check in FlyteAdmin
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
Microsoft Internet Explorer Security Bypass Vulnerability (CNVD-2018-24940)
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Internet Explorer (IE) is a web browser that comes with the Windows operating system. A security feature bypass vulnerability exists in Microsoft IE version 11. A remote attacker with a...