kernel: wifi: mac80211: fix potential sta-link leak

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet e.g. during connection to an AP MLD, we might remove the station without ever marking links valid, and leak them. F...

The vulnerability of the TOTP (Time-based One-Time Password) algorithm used by the SINEMA Remote Connect VPN service allows a perpetrator to bypass the authentication process.

The vulnerability of the TOTP Time-based One-Time Password algorithm used by the SINEMA Remote Connect VPN service lies in the incorrect validity period of the session. Exploiting this vulnerability could allow an attacker to bypass the authentication process remotely...

CVE-2021-35473

An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4...

CVE-2024-50253 bpf: Check the validity of nr_words in bpf_iter_bits_new()

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nrwords in bpfiterbitsnew Check the validity of nrwords in bpfiterbitsnew. Without this check, when multiplication overflow occurs for nrbits e.g., when nrwords = 0x0400-0001, nrbits becomes 64, stack...

CVE-2024-51746 Use of incorrect Rekor entries during verification in gitsign

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature...

CVE-2024-51746 Use of incorrect Rekor entries during verification in gitsign

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature...

DEBIAN-CVE-2024-50107

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmccoreiounmap to call iounmap for valid addresses Commit 50c6dbdfd16e "x86/ioremap: Improve iounmap address range checks" introduces a WARN when adrress ranges of iounmap are invalid. On Thinkpad P1 G...

GHSA-8PMP-678W-C8XX gitsign may use incorrect Rekor entries during verification

Summary gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. Details gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payloa...

gitsign may use incorrect Rekor entries during verification

Summary gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. Details gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payloa...

PT-2024-34879 · Gitsign +1 · Gitsign +1

Name of the Vulnerable Software and Affected Versions: gitsign affected versions not specified Description: The issue arises when gitsign uses Rekor's search API to fetch entries for signature verification, using parameters such as the public key and the payload. However, the search API returns...

CVE-2024-45005

...

VulnCheck KEV: CVE-2023-4320

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session bsc1227546 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVE-2024-41987

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...

Unspecified vulnerability in Linux kernel (CNVD-2024-40275)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from not checking the validity of indexes. No details of the vulnerability are provided at this time...

DEBIAN-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVE-2024-46837 drm/panthor: Restrict high priorities on group_create

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 "mm/sparsemem: fix race in accessing memorysection-usage" changed pfnsectionvalid to add a READONCE call around "ms-usage" to fix a race with sectiondeactiva...

SUSE CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...

GHSA-8259-2X72-2GVC Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...