openSUSE: Security Advisory for mokutil (SUSE-SU-2022:2633-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
openSUSE: Security Advisory for mokutil (SUSE-SU-2022:2638-1)
The remote host is missing an update for the...
SUSE-SU-2022:2638-1 Security update for mokutil
This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil...
SUSE-SU-2022:2637-1 Security update for mokutil
This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil...
SUSE-SU-2022:2636-1 Security update for mokutil
This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil...
SUSE-SU-2022:2635-1 Security update for mokutil
This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil...
SUSE-SU-2022:2633-1 Security update for mokutil
This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations...
PT-2022-37508 · Mokutil · Mokutil
Name of the Vulnerable Software and Affected Versions: mokutil (affected versions not specified). Description: The issue concerns the addition of SBAT revocation support to mokutil. New options have been added to the mokutil command, including mokutil --sbat to list all entries in SBAT, mokutil...
Design/Logic Flaw
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...
CVE-2022-30698
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...
Gitlab -- multiple vulnerabilities
Gitlab reports: Revoke access to confidential notes todos; Pipeline subscriptions trigger new pipelines with the wrong author; Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email; Import via git protocol allows to...
CVE-2022-33926
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked...
CVE-2022-2447
A flaw was found in Keystone. In a default configuration, there is a time lag of up to one hour between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
Mozilla Thunderbird Security Advisory (MFSA2022-15) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:thunderbird";...
Stripo Inc: Non-revoked API Key Information disclosure via Stripo_report()
Talking about 983331 reports where a security researcher reported secret API key leakage vulnerability in a JavaScript file at Stripo. This report is disclosed on HackerOne, and the team at Stripo have forgotten to blur the API keys from the report before disclosing it to the public. The API keys...
CVE-2022-31050
TYPO3 Admin Tool sessions could remain valid after a user account was degraded or disabled, enabling prolonged access in the admin interface prior to the fixes. The vulnerability affects TYPO3 CMS and was addressed by updates in 9.5.34 ELTS, 10.4.29, and 11.5.11, per CVE-2022-31050 disclosures. T...
GHSA-H564-6GC2-FCC6 Mattermost Server allows users with a session ID to revoke another users' session
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...
Mattermost Server allows users with a session ID to revoke another users' session
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...
GHSA-22Q6-WWQ7-2JJ9 OpenStack Keystone Improper Authentication vulnerability
OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...
GHSA-V8FQ-GQ9J-3V7H OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/...