
2021 matches found

NVD
added 2023/10/03 6:15 p.m. | 14 views

CVE-2023-5255

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked...

7.5 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits 0 | References 1

OSV
added 2023/10/03 6:15 p.m. | 9 views

CVE-2023-5255

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked...

7.5 CVSS | 7 AI score | 0.00409 EPSS
Exploits 0 | References 1

UbuntuCve
added 2023/10/03 6:15 p.m. | 17 views

CVE-2023-5255

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked...

7.5 CVSS | 7.1 AI score | 0.00409 EPSS
Exploits 0 | References 2

Prion
added 2023/10/03 6:15 p.m. | 87 views

Design/Logic Flaw

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked...

5 CVSS | 7.5 AI score | 0.00409 EPSS
Exploits 0 | References 1 | Affected Software 2

OSV
added 2023/10/03 6:15 p.m. | 1 view

UBUNTU-CVE-2023-5255

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked...

7.5 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits 0 | References 3

Vulnrichment
added 2023/10/03 5:54 p.m. | 10 views

CVE-2023-5255 Denial of Service for Revocation of Auto Renewed Certificates

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked...

4.4 CVSS | 7 AI score | 0.00409 EPSS
Exploits 0 | References 1

CVE
added 2023/10/03 5:54 p.m. | 180 views

CVE-2023-5255

CVE-2023-5255 describes a flaw in Puppet Server where certificates using the auto-renew feature cannot be revoked, per the NVD entry. The CVE notes an impact of high availability disruption (availability impact A:H) with no confidentiality or integrity impact, and no user interaction required. Th...

7.5 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits 0 | References 1 | Affected Software 2

UbuntuCve
added 2023/10/03 12:0 a.m. | 38 views

CVE-2023-4693

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

5.3 CVSS | 6.7 AI score | 0.00496 EPSS
Exploits 1 | References 4

RedHat Linux
added 2023/09/19 1:11 a.m. | 2 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, when the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4 CVSS | 6.8 AI score | 0.61979 EPSS
Exploits 0 | References 5

OSV
added 2023/09/15 9:15 p.m. | 1 view

DEBIAN-CVE-2023-41900

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

4.3 CVSS | 6.4 AI score | 0.00753 EPSS
Exploits 1 | References 1

Code423n4
added 2023/08/10 12:0 a.m. | 10 views

GovernanceChainSCMgmtActivationAction : TIMELOCK_CANCELLER_ROLE is not set to the newEmergencySecurityCouncil

Lines of code Vulnerability details Impact newEmergencySecurityCouncil will not have the TIMELOCK_CANCELLER_ROLE. Proof of Concept GovernanceChainSCMgmtActivationAction has the function perform which will be used to activate elections on Arbitrum One. while the function set and revoke the...

6.9 AI score
Exploits 0

Code423n4
added 2023/07/28 12:0 a.m. | 5 views

A malicious manager could revoke grants early and steal unvested tokens.

Lines of code Vulnerability details Impact A malicious manager can: Revoke a grant before its expiration. Take all tokens not yet vested/withdrawn based on the vesting schedule. Deprive the grant owner of tokens they should have later received if vesting continued. Proof of Concept A The...

6.7 AI score
Exploits 0

Code423n4
added 2023/07/28 12:0 a.m. | 10 views

A grant cannot be removed if the user has already claimed/withdrawn all his tokens beforehand

Lines of code Vulnerability details The revokeGrant is used to remove a grant. Any available vested tokens will be sent to the grant recipient. Any remaining unvested tokens will be sent to the vesting manager. But in the case when the user has already claimed all his tokens, the revokeGrant wil...

7 AI score
Exploits 0

RedHat Linux
added 2023/07/25 7:55 a.m. | 3 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, when the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4 CVSS | 6.8 AI score | 0.61979 EPSS
Exploits 0 | References 5

RedHat Linux
added 2023/07/18 8:24 a.m. | 5 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, when the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4 CVSS | 6.8 AI score | 0.61979 EPSS
Exploits 0 | References 5

RedHat Linux
added 2023/07/18 7:48 a.m. | 2 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, when the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4 CVSS | 6.8 AI score | 0.61979 EPSS
Exploits 0 | References 5

Code423n4
added 2023/07/14 12:0 a.m. | 10 views

Attacker can force users to delegate to SPONSORSHIP_ADDRESS

Lines of code Vulnerability details Impact An attacker can change the delegatee of a user who deposited into the vault to the SPONSORSHIP_ADDRESS address by calling one of the functions sponsor or sponsorWithPermit and giving the address of the user as receiver. The impact of this issue is that th...

6.6 AI score
Exploits 0

Code423n4
added 2023/07/07 12:0 a.m. | 15 views

The merkle tree might be revoked again after being used to claim rewards.

Lines of code Vulnerability details Impact The merkle tree might be revoked again after being used to claim rewards. Proof of Concept The governor can revoke the merkle tree using revokeTree. function revokeTree external onlyGovernorOrGuardian if disputer != address0 revert UnresolvedDispute;...

6.9 AI score
Exploits 0

Github Security Blog
added 2023/07/06 7:24 p.m. | 129 views

HashiCorp Vault's revocation list not respected

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.3 CVSS | 6.9 AI score | 0.00396 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2023/07/06 7:24 p.m. | 132 views

GHSA-9MH8-9J64-443F HashiCorp Vault's revocation list not respected

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.3 CVSS | 5.4 AI score | 0.00396 EPSS
Exploits 0 | References 5