17 matches found
CVE-2025-26620
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...
CVE-2025-26620
creationtimestamp | type | source
---|---|---
2025-02-18 18:16:23+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lihulptmz52n
2025-02-18 20:59:45+00:00 | seen | https://t.me/cvedetector/18347...
CVE-2025-26620
CVE-2025-26620 describes a race condition in Duende.AccessTokenManagement when multiple concurrent requests for client credentials tokens use varying TokenRequestParameters. The issue can cause concurrent requests to return tokens with incorrect protocol parameters (scope, resource indicator, etc...
CVE-2025-26620 Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...
CVE-2025-26620 Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...
CVE-2021-26620
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...
USN-6819-2: Linux kernel vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Chenyuan...
Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
SUSE CVE-2024-26620
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix. The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...
CVE-2024-26620 s390/vfio-ap: always filter entire AP matrix
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix. The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...
CVE-2024-26620
CVE-2024-26620 affects the Linux kernel’s s390 VFIO AP mediated devices (vfio-ap). The issue stems from vfio_ap_mdev_filter_matrix: when a new adapter or domain is assigned to an mdev, only the APID/APQI for the new item was inspected. This could leave AP queues bound to no driver exposed to a gu...
CVE-2022-26620
creationtimestamp | type | source
---|---|---
2022-03-27 07:32:49+00:00 | seen | https://t.me/cibsecurity/39587...
CVE-2022-26620
...
CVE-2022-26620
CVE-2022-26620 entry rejected; not used and not a security issue, per the initial description.
CVE-2021-26620
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...
CVE-2021-26620 IPTIME NAS2dual improper authentication vulnerability
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...
CVE-2021-26620
The CVE-2021-26620 entry describes an improper authentication vulnerability in iptime NAS2dual. The issue allows remote attackers to access a shared folder and alter a user’s password due to insufficient authentication, enabling potential information leakage. Reported impacts include exposure of ...