GHSA-RV2Q-F2H5-6XMG OpenClaw's Node role device-identity bypass allows unauthorized node.event injection

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...

OpenClaw's Node role device-identity bypass allows unauthorized node.event injection

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...

TencentOS Server 3: booth (TSSA-2022:0232)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0232 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2023-33566

CVE-2023-33566 is rejected; this entry does not represent an active vulnerability.

Atomix has an unspecified vulnerability (CNVD-2021-101702)

Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. An unspecified vulnerability exists in Atomix version 3.1.5. The vulnerability allows an unauthorized Atomix node to join the target cluster by providing configuration information. No detailed vulnerability details are...

CVE-2020-35209

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...

Information disclosure

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...

CVE-2020-35514

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShif...

JGroups: Authorization bypass

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...