
296 matches found

CVE
added 2024/07/01 9:5 p.m. · 73 views

CVE-2024-38368

CVE-2024-38368 concerns a CocoaPods trunk authentication server vulnerability in which unclaimed pods could be claimed or all owners could be removed, enabling takeover of pods migrated from the pre-2014 workflow to trunk. The issue stems from how ownership was managed on CocoaPods’ trunk server...

CVSS 9.3 · AI score 9.4 · EPSS 0.14734
Exploits: 0 · References: 5 · Affected Software: 1
Vulnrichment
added 2024/07/01 8:48 p.m. · 11 views

CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim’s session will result in a full takeover of...

CVSS 8.2 · AI score 8.3 · EPSS 0.11042
Exploits: 1 · References: 4
CVE
added 2024/07/01 8:48 p.m. · 61 views

CVE-2024-38367

CVE-2024-38367 concerns the CocoaPods trunk authentication server (trunk.cocoapods.org). The underlying issue was a vulnerability in the trunk sessions verification step that could be manipulated to hijack the owner’s session, potentially yielding a full takeover of the CocoaPods trunk account. ...

CVSS 9.6 · AI score 9 · EPSS 0.11042
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2024/07/01 8:48 p.m. · 15 views

CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim’s session will result in a full takeover of...

CVSS 8.2 · AI score 7.3 · EPSS 0.11042
Exploits: 1 · References: 6
CVE
added 2024/07/01 8:42 p.m. · 87 views

CVE-2024-38366

CVE-2024-38366 affects CocoaPods Trunk Server (trunk.cocoapods.org). The flaw stems from the email signup MX verification using an RFC-822 library which executes the host command to validate MX records, enabling remote code execution on the Trunk server. The underlying risk is that an attacker co...

CVSS 10 · AI score 9.7 · EPSS 0.17648
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/07/01 12:0 a.m. · 5 views

PT-2024-5205 · Cocoapods · Cocoapods

Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified). Description: The issue concerns the CocoaPods dependency manager, specifically the authentication server trunk.cocoapods.org. A problem was found in the part of the trunk that verifies whether a user...

CVSS 10 · AI score 6.8 · EPSS 0.17648
Exploits: 1 · References: 15
RedHat Linux
added 2024/06/03 9:13 p.m. · 33 views

Low: Red Hat Security Advisory: Red Hat build of Keycloak 22.0.11 Images enhancement and security update

New images are available for Red Hat build of Keycloak 22.0.11 and Red Hat build of Keycloak 22.0.11 Operator, running on OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 7.5 · AI score 7.1 · EPSS 0.00551
Exploits: 0 · References: 2
RedHat Linux
added 2024/06/03 7:50 p.m. · 36 views

Low: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.9 for OpenShift image enhancement update

A new image is available for Red Hat Single Sign-On 7.6.9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Low and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 7.5 · AI score 7.1 · EPSS 0.00551
Exploits: 0 · References: 2
IBM Security Bulletins
added 2024/03/08 10:36 p.m. · 64 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details: CVEID: CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...

CVSS 9.8 · AI score 9.1 · EPSS 0.99999
Exploits: 23 · Affected Software: 1
Penetration Testing Lab
added 2024/02/20 7:25 a.m. · 24 views

AS-REP Roasting

Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server…

AI score 7.5
Exploits: 0
CNNVD
added 2024/02/16 12:0 a.m. · 1 views

wpa_supplicant security vulnerability

wpa_supplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. A security vulnerability exists in wpa_supplicant that stems from not properly configuring the server used for authentication...

CVSS 6.5 · AI score 9.3 · EPSS 0.01177
Exploits: 0 · References: 9
CNNVD
added 2024/01/12 12:0 a.m. · 2 views

Lif Authentication Server Security Vulnerability

Lif Authentication Server is a Lif Platforms open source server for authenticating Lif account logins, administrative information, and account recovery. A security vulnerability exists in versions of Lif Authentication Server prior to 1.4.0 that stems from a failure to check that files received b...

CVSS 7.5 · AI score 6.9 · EPSS 0.00376
Exploits: 0 · References: 3
RedHat Linux
added 2024/01/09 5:4 p.m. · 42 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.1 · AI score 5.9 · EPSS 0.01109
Exploits: 0 · References: 2
RedHat Linux
added 2023/12/14 7:53 p.m. · 36 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 7.7 · AI score 6.6 · EPSS 0.01239
Exploits: 2 · References: 4
Citrix
added 2023/10/18 12:0 a.m. · 7 views

FAS - User is unable to launch desktops with Access Denied windows event

When attempting to launch a desktop, the error message shows: "cannot start desktop". Event ID 1 and 28 are logged on Storefront servers. Application and service logs Citrix delivery services = Event ID: 1 Description: The Federated Authentication Server at: returned a server error: 1 for method...

AI score 7
Exploits: 0
OSV
added 2023/10/10 2:15 p.m. · 5 views

CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

CVSS 7.5 · AI score 5.8 · EPSS 0.99999
Exploits: 15 · References: 3
IBM Security Bulletins
added 2023/09/07 5:31 p.m. · 41 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details: CVEID: CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

CVSS 9.8 · AI score 9.2 · EPSS 0.46836
Exploits: 5 · Affected Software: 1
OSV
added 2023/09/05 12:15 a.m. · 1 views

CVE-2023-32338

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

CVSS 5.5 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 4
CVE
added 2023/09/04 11:57 p.m. · 44 views

CVE-2023-32338

CVE-2023-32338 affects IBM Sterling Secure Proxy and IBM Sterling External Authentication Server (versions 6.0.3 and 6.1.0). The root cause is storing user credentials in plain text, readable by a local user with container access. Reported impact is credential disclosure with high confidentiality...

CVSS 5.5 · AI score 4.9 · EPSS 0.0018
Exploits: 0 · References: 4 · Affected Software: 2
IBM Security Bulletins
added 2023/08/31 7:12 p.m. · 39 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details: CVEID: CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

CVSS 9.8 · AI score 9.6 · EPSS 0.22709
Exploits: 3 · Affected Software: 1