17 matches found
CVE-2024-31127 MacOS Zscaler Client Connector Local Privilege Escalation
An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges...
CVE-2024-31127
CVE-2024-31127 affects Zscaler Client Connector for macOS prior to 4.2.0.241. The root cause is improper verification of a loaded library, enabling a local attacker to escalate privileges. Impact is local privilege escalation with HIGH confidentiality/integrity impact and low availability impact ...
CVE-2024-31127 MacOS Zscaler Client Connector Local Privilege Escalation
An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges...
CVE-2025-31127
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...
CVE-2025-31127
creationtimestamp | type | source
---|---|---
2025-04-03 21:55:39+00:00 | seen | https://t.me/cvedetector/22006...
CVE-2025-31127 Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...
CVE-2025-31127 Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...
CVE-2023-31127
The connected sources describe CVE-2023-31127 in libspdm: a vulnerability in SPDM session establishment where, if a device supports both DHE and PSK sessions with mutual authentication, an attacker could establish a session via KEY_EXCHANGE and PSK_FINISH to bypass mutual authentication. Affected...
CVE-2023-31127 DMTF-2023-0001: SPDM mutual authentication bypass
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
CVE-2023-31127 DMTF-2023-0001: SPDM mutual authentication bypass
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
CVE-2022-31127
creationtimestamp | type | source
---|---|---
2022-07-06 22:14:30+00:00 | seen | https://t.me/cibsecurity/45691...
@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +498 more potentially affected by CVE-2022-31127 via next-auth (>=4.10.3 <=4.5.0)
next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-31127 Source advisory: OSV:GHSA-PGJX-7F9G-9463...
CVE-2022-31127 Improper handling of email input in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...
CVE-2022-31127 Improper handling of email input in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...
CVE-2022-31127
CVE-2022-31127 affects NextAuth.js (Next.js) and describes an improper handling of email input at the signin email endpoint. An attacker could inject HTML into the email parameter, causing the HTML content to be rendered in an email sent to a user, enabling phishing. Remediation per sources: patc...
CVE-2021-31127
CVE-2021-31127 is rejected/not used and does not represent an active vulnerability entry.
CVE-2021-31127
...