755 matches found
CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642
CVE-2024-8642 affects Eclipse Dataspace Components: versions 0.5.0 up to before 0.9.0 suffer from a missing token validity check in ConsumerPullTransferTokenValidationApiController (expiry, not-before, issuance date). This can enable bypass of token expiration protections when a dataplane is conf...
Eclipse Dataspace Components 安全漏洞
Eclipse Dataspace Components is a development connector for Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components version 0.5.0 through versions prior to 0.9.0 that stems from not checking for token validity, which could allow an attacker to...
Expired OTP Usage
Keycloak is vulnerable to Expired OTP Usage. The vulnerability is due to OTP codes generated by FreeOTP remaining valid for an additional 30 seconds beyond their expiration time, increasing the attack window and surface by allowing two OTPs to be valid simultaneously...
SUSE CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
UBUNTU-CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
CVE-2024-45005
CVE-2024-45005 affects the Linux kernel KVM on s390. The issue is a validity interception in the SIE path when gisa is disabled, caused by passing an uninitialized gisa origin to virt_to_phys() and then writing it into the gisa designation. The fix returns 0 in kvm_s390_get_gisa_desc() if origin ...
CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a SIE validity issue that may be encountered when GISA is disabled...
SMTP User Enumeration Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...
The vulnerability of the Portainer container management platform, related to improper user management, allows a hacker to determine whether a user’s name is valid or not.
The vulnerability of the Portainer container management platform is related to the difference in user authentication response time. Exploiting this vulnerability allows a remote attacker to determine whether the user’s name is valid or not...
CVE-2023-52901 usb: xhci: Check endpoint is valid before dereferencing it
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint. Fix...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the f2fs file system to properly handle scenarios where blkaddr is valid when processing...
usb: typec: tcpm: Check for port partner validity before consuming it
...