Nginx-UI: Disabled users retain full API access through previously issued bearer tokens

Summary A user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacker who already stole a JWT can continue reading and modifying protected...

SUSE CVE-2024-50209

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Add a check for memory allocation allocpbl can return error when memory allocation fails. Driver is not checking the status on one of the instances...