1675 matches found
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
CVE-2024-26931
A flaw was found in the qla2xxx module in the Linux kernel. A NULL pointer dereference can be triggered when the system is under memory stress and the driver cannot allocate memory to handle the error recovery of cable pull, causing a system crash and a denial of service. Mitigation Mitigation fo...
CVE-2024-32973
Pluto (a Lua 5.4 superset) is affected in versions prior to 0.9.3. An attacker who can intercept network traffic can present a specially-crafted certificate to cause Pluto to trust the remote for a TLS session, degrading transport integrity in the HTTP library and socket.starttls. The issue is ad...
CVE-2024-32973 Remote for TLS session may be trusted despite constraints in Pluto lang
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session...
DEBIAN-CVE-2024-26931
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
CVE-2024-26931
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
UBUNTU-CVE-2024-26931
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
CVE-2024-26931 scsi: qla2xxx: Fix command flush on cable pull
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
CVE-2024-26931 scsi: qla2xxx: Fix command flush on cable pull
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
CVE-2024-26931 scsi: qla2xxx: Fix command flush on cable pull
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
CVE-2024-26931
CVE-2024-26931 affects the Linux kernel driver for SCSI over Fibre Channel (scsi: qla2xxx). The issue arises when memory pressure prevents a command flush during cable pull recovery, causing the upper SCSI layer to modify scsi_cmnd improperly. When memory is freed and a subsequent cable pull trig...
CVE-2024-26931
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
Exposure Of Sensitive Information
github.com/openshift/cluster-monitoring-operator is vulnerable to Exposure of Sensitive Information. The vulnerability is due to an annotation in the telemeter-client pod in the openshift-monitoring namespace that contains the cluster's pull secret, which can be accessed by users with sufficient...
GHSA-X5M7-63C6-FX79 Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak
Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in the Go registry. For more information, see the discussion here. This link is maintained to preserve external references. Original Description A credentials leak vulnerability was found in th...
CVE-2024-1139 Cluster-monitoring-operator: credentials leak
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...
CVE-2024-1139 Cluster-monitoring-operator: credentials leak
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...
CVE-2024-1139
CVE-2024-1139 affects OpenShift Container Platform’s cluster-monitoring-operator. The root cause is a credentials leak where a repository pull secret can be accessed via pod manifest annotations (notably within the telemeter-client pod in openshift-monitoring). This could allow a user with basic ...
PT-2024-24738 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: The issue arises when the raw log builtin is called with memory or storage arguments to be used as topics, resulting in incorrect values being logged. This is due to the build IR function of the...
SUSE CVE-2024-26857
In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...