Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36031 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry. | |||||
| CVE-2024-38277 | 2024-06-27 | N/A | N/A | ||
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | |||||
| CVE-2024-6299 | 2024-06-25 | N/A | 4.8 MEDIUM | ||
| Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date | |||||
| CVE-2024-31893 | 2024-05-24 | N/A | 4.3 MEDIUM | ||
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. | |||||
| CVE-2024-31894 | 2024-05-24 | N/A | 4.3 MEDIUM | ||
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. | |||||
| CVE-2024-31895 | 2024-05-24 | N/A | 4.3 MEDIUM | ||
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. | |||||
| CVE-2022-24732 | 1 Maddy Project | 1 Maddy | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. | |||||