12 matches found

OSV
added 2025/10/17 2:54 p.m. | 1 views

OESA-2025-2434 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

8.7 CVSS | 6.9 AI score | 0.00055 EPSS
Exploits 0 | References 2
OSV
added 2025/10/17 2:54 p.m. | 1 views

OESA-2025-2431 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

8.7 CVSS | 6.9 AI score | 0.00055 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-1221

Malicious code in bioql PyPI...

8.7 CVSS | 7.1 AI score | 0.00055 EPSS
Exploits 0 | References 10
Patchstack
added 2025/02/28 11:18 p.m. | 1 views

WordPress IP2Location Redirection plugin <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export vulnerability

Missing Authorization to Unauthenticated Settings Export vulnerability discovered by Krzysztof Zając in WordPress Plugin IP2Location Redirection versions <= 1.33.3...

5.3 CVSS | 7 AI score | 0.00173 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2024/04/09 3:11 p.m. | 0 views

GHSA-HW42-3568-WJ87 google-oauth-java-client improperly verifies cryptographic signature

Summary The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims e.g., iss, aud, etc.. Signature verification makes sure that the token's payload comes from valid provider, not from someone...

7.3 CVSS | 6.8 AI score | 0.00055 EPSS
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 3:45 a.m. | 3 views

SUSE CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

7.3 CVSS | 6.8 AI score | 0.00055 EPSS
Exploits 0 | References 4
OSV
added 2022/05/04 12:0 a.m. | 0 views

GHSA-XH97-72WW-2W58 Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hw42-3568-wj87. This link is maintained to preserve external references. Summary The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the...

7.3 CVSS | 7 AI score | 0.00055 EPSS
Exploits 0 | References 4
OSV
added 2022/05/03 4:15 p.m. | 1 views

UBUNTU-CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7 CVSS | 7.1 AI score | 0.00055 EPSS
Exploits 0 | References 3
Debian CVE
added 2022/05/03 3:45 p.m. | 42 views

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7 CVSS | 7.8 AI score | 0.00055 EPSS
Exploits 0
OpenVAS
added 2020/04/06 12:0 a.m. | 32 views

MediaWiki 1.31.x < 1.31.7, 1.33.x < 1.33.3 and 1.34.0 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.1 CVSS | 5.5 AI score | 0.00273 EPSS
Exploits 2 | References 4
seebug.org
added 2011/05/04 12:0 a.m. | 501 views

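DirectAdmin 'mysql_backup' Folder Information Disclosure Vulnerability

Bugtraq ID: 47693 DirectAdmin is a powerful online management system for virtual hosting. DirectAdmin creates MySQL database backup files in the globally readable "mysqlbackups" folder, which can lead to disclosure of MySQL database backup contents. Successful exploitation requires that CustomBuild is used to update the MySQL database and that "mysqlbackup" is set to "yes". JBMC Software DirectAdmin 1.33.6 JBMC Software DirectAdmin 1.33.4 JBMC Software DirectAdmin 1.33.3 JBMC Software...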

6.9 AI score
Exploits 0
Exploit DB
added 2009/04/22 12:0 a.m. | 26 views

DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation

source: https://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. This could facilitate a complete...

7.4 AI score
Exploits 0