MAL-2025-191730 Malicious code in flask-auth-sys (PyPI)
Source: kam193 a241889bfae20aee5395660063d13f337aa9733c14b02bf2edb004d6d36e1d41 On importing the module, the code attempts to spawn a reverse shell. In the current version, the remote domain does not exist --- Category: MALICIOUS - The...
Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
CVE-2024-55008
JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...
CVE-2024-55008
CVE-2024-55008 concerns JATOS 3.9.4, where an authentication DoS can lock out user accounts. The document set confirms the vulnerability arises from the login flow: submitting 3 incorrect login attempts per minute can trigger an account-level lockout, affecting any user regardless of privileges, ...
PT-2025-3091 · Jatos · Jatos
Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.4 Description: The issue is a denial-of-service (DoS) vulnerability in the authentication system. An attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts...
[SECURITY] Fedora 39 Update: krb5-1.21.3-2.fc39
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...
krb5 security update
An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kerberos is a network authentication system, which can improve the security of...
Important: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2024-45042
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the highest_available setting will incorrectly assume that the identity's highest available AAL is aal1 even though it really is aal2. This means that t...
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
RHEL 9 : krb5 (RHSA-2024:5643)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5643 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
Cisco Smart Software Manager On-Prem Password Change (cisco-sa-cssm-auth-sLw3uhUy)
According to its self-reported version, Cisco Smart Software Manager On-Prem Password Change is affected by a vulnerability. - A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of...
PT-2024-28228 · Cloud Foundry Foundation · Cloud Foundry
Name of the Vulnerable Software and Affected Versions: Cloud Foundry Foundation version v40.17.0 Description: The issue is related to a failure in properly synchronizing a user's permissions in the User Account and Authentication (UAA) system. This potentially results in users retaining access righ...
CVE-2024-20419
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...
idm:DL1 and idm:client security update
An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...
CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...
CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin
RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and enable the Auth system, which fixes the issue...