FreeBSD : FreeBSD -- Certificate revocation list fetch(1) option fails (ce0f52e1-a174-11ef-9a62-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ce0f52e1-a174-11ef-9a62-002590c1f29c advisory. The fetch3 library uses environment variables for passing certain information, including the revocation...

CVE-2024-45289

The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

CVE-2024-45289

CVE-2024-45289 affects FreeBSD: the fetch(3) library uses environment variables to pass info, including the revocation file pathname, but the fetch(1) option name was incorrect and effectively ignored the option. As a result, FreeBSD could connect to a host presenting a certificate listed in the ...

CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer

The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer

The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers

A use-after-free was found in drivers/gpu/drm/i915/gt/intelggttfencing.c in the Linux kernel. This issue can be caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other,...

BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365

TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum...

UBUNTU-CVE-2024-50106

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and freestateid There is a race between laundromat handling of revoked delegations and a client sending freestateid operation. Laundromat thread finds that delegation has expired and needs to be...

CVE-2024-50106

The CVE-2024-50106 entry concerns the Linux kernel (nfsd) and describes a race between laundromat handling revoked delegations and a client issuing free_stateid, which can lead to a use-after-free of a delegation stateid if a new open finds a non-empty lease list and dereferences a freed stateid....

CVE-2024-50106 nfsd: fix race between laundromat and free_stateid

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and freestateid There is a race between laundromat handling of revoked delegations and a client sending freestateid operation. Laundromat thread finds that delegation has expired and needs to be...

CVE-2024-50106 nfsd: fix race between laundromat and free_stateid

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and freestateid There is a race between laundromat handling of revoked delegations and a client sending freestateid operation. Laundromat thread finds that delegation has expired and needs to be...

kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers

A use-after-free was found in drivers/gpu/drm/i915/gt/intelggttfencing.c in the Linux kernel. This issue can be caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other,...

kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers

A use-after-free was found in drivers/gpu/drm/i915/gt/intelggttfencing.c in the Linux kernel. This issue can be caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other,...

RHEL 5 : Red Hat Certificate System 8 (RHSA-2017:2560)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2560 advisory. Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure PKI...

The vulnerability of the X509_V_FLAG_CRL_CHECK component in the OpenSSL cryptographic library allows a attacker to trigger a service failure.

The vulnerability of the X509VFLAGCRLCHECK component in the OpenSSL cryptographic library is related to reading data beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

PT-2024-31541 · Fetch +1 · Fetch +1

Name of the Vulnerable Software and Affected Versions: fetch versions affected versions not specified Description: The issue arises from the fetch3 library's use of environment variables to pass information, including the revocation file pathname. However, the environment variable name used by...

FreeBSD -- Certificate revocation list fetch(1) option fails

Problem Description: The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Impact: Fetch would still...

FreeBSD-SA-24:19.fetch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:19.fetch Security Advisory The FreeBSD Project Topic: Certificate revocation list fetch1 option fails Category: core Module: fetch Announced: 2024-10-29...

PT-2024-40052 · Unknown · Openrefine

Name of the Vulnerable Software and Affected Versions: OpenRefine version 3.8.2 Description: The issue concerns the exposure of Google API authentication keys, specifically the client id and client secret, within OpenRefine releases. These keys can be extracted from released artifacts, such as th...

PT-2024-10027

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a race condition between the laundromat handling of revoked delegations and a client sending a free stateid operation in the Linux kernel's NFS server. This can...