Lucene search
130 matches found

Github Security Blog · added 2022/07/15 8:55 p.m. · 31 views

LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0

Impact: Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Patches: Users should upgrade to version 5.0 immediately. Workarounds: None...

CVSS 7.5 · AI score 7.3 · EPSS 0.00302
Exploits 0 · References 4 · Affected Software 1
Cvelist · added 2022/07/15 5:15 p.m. · 15 views

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

CVSS 7.5 · AI score 7.7 · EPSS 0.00302
Exploits 0 · References 1
Positive Technologies · added 2022/07/15 12:00 a.m. · 2 views

PT-2022-20573 · Unknown · Lti 1.3 Tool Library

Name of the Vulnerable Software and Affected Versions: LTI 1.3 Tool Library versions prior to 5.0 Description: The issue concerns the Nonce Claim Value not being validated against the nonce value sent in the Authentication Request. This affects the LTI 1.3 Tool Library, a library used for buildin...

CVSS 7.5 · AI score 7.4 · EPSS 0.00302
Exploits 0 · References 8
Github Security Blog · added 2022/05/24 10:01 p.m. · 77 views

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the gssapi-with-mic method which will cause...

CVSS 7.5 · AI score 7.4 · EPSS 0.00031
Exploits 0 · References 8 · Affected Software 1
Positive Technologies · added 2022/04/27 12:00 a.m. · 2 views

PT-2022-7282 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authenticatio...

CVSS 6.8 · AI score 6.4 · EPSS 0.00208
Exploits 0 · References 11
Tenable Nessus · added 2022/02/25 12:00 a.m. · 46 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1214)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00653
Exploits 2 · References 3
OpenVAS · added 2022/02/12 12:00 a.m. · 17 views

Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2022-1051)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.00653
Exploits 2 · References 2
Tenable Nessus · added 2022/01/28 12:00 a.m. · 40 views

EulerOS 2.0 SP9 : python3 (EulerOS-SA-2022-1033)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00653
Exploits 2 · References 3
BDU FSTEC · added 2021/10/27 12:00 a.m. · 1 view

The vulnerability of the ngx_http_auth_request_module module in the Authelia authentication and authorization server allows attackers to bypass the authentication mechanism.

The vulnerability of the ngx_http_auth_request_module module in the Authelia authentication and authorization server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication mechanism...

CVSS 10 · AI score 7.8 · EPSS 0.00465
Exploits 1 · References 3 · Affected Software 1
Prion · added 2021/05/26 7:15 p.m. · 11 views

Cross site request forgery (csrf)

In Versa Director, the un-authentication request found...

CVSS 5 · AI score 5.3 · EPSS 0.0019
Exploits 0 · References 1
OSV · added 2021/04/30 7:23 p.m. · 9 views

OPENSUSE-SU-2021:0637-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 bsc1184155: Fix the authentication request port when URL omits the port. Fix iframe scrolling when main frame is scrolled in async scrolling mode. Stop using gmemdup. Show a warning message when overriding signal...

CVSS 9.8 · AI score 7 · EPSS 0.014
Exploits 0 · References 14
Tenable Nessus · added 2021/04/30 12:00 a.m. · 71 views

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1)

This update for webkit2gtk3 fixes the following issues : Update to version 2.32.0 bsc1184155 : - Fix the authentication request port when URL omits the port. - Fix iframe scrolling when main frame is scrolled in async scrolling mode. - Stop using gmemdup. - Show a warning message when overridin...

CVSS 9.8 · AI score 7.4 · EPSS 0.014
Exploits 0 · References 24
CNNVD · added 2021/04/22 12:00 a.m. · 1 view

FusionAuth fusionauth-samlv2 Code Issue Vulnerability

fusionauth-samlv2 is a Java library, maintained by an individual developer, that provides JAXB functionality. The library mainly handles SAML requests and responses for scenarios such as single sign-on. A security vulnerability exists in FusionAuth fusionauth-samlv2 versions prior to 0.5.4 that allo...

CVSS 6.5 · AI score 6.5 · EPSS 0.00276
Exploits 1 · References 4
RedHat Linux · added 2020/09/29 8:36 p.m. · 2 views

python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS

An uncontrolled resource consumption vulnerability was discovered in python in the class AbstractBasicAuthHandler, due to the kind of regular expression used while handling an authentication request in the http_error_auth_reqed method. Client applications that use, directly or indirectly,...

CVSS 7.1 · AI score 6.8 · EPSS 0.02954
Exploits 1 · References 4
NVD · added 2020/08/17 7:15 p.m. · 26 views

CVE-2020-1509

An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service LSASS when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the targ...

CVSS 8.8 · AI score 8.5 · EPSS 0.06777
Exploits 0 · References 1
CNVD · added 2020/08/14 12:00 a.m. · 1 view

Microsoft Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Microsoft Local Security Authority Subsystem Service is one of the local security...

CVSS 8.8 · AI score 6.9 · EPSS 0.06777
Exploits 0 · References 1
CNVD · added 2020/07/17 12:00 a.m. · 2 views

Microsoft Windows Local Security Authority Subsystem Service Denial of Service Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the Microsoft Windows Local Security Authority...

CVSS 4.9 · AI score 6.8 · EPSS 0.03441
Exploits 0 · References 1
Prion · added 2020/07/14 11:15 p.m. · 14 views

Design/Logic Flaw

This security update corrects a denial of service in the Local Security Authority Subsystem Service LSASS caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'...

CVSS 4 · AI score 6.1 · EPSS 0.03441
Exploits 0 · References 1 · Affected Software 5
Microsoft CVE · added 2020/07/14 7:00 a.m. · 25 views

Local Security Authority Subsystem Service Denial of Service Vulnerability

This security update corrects a denial of service in the Local Security Authority Subsystem Service LSASS caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the...

CVSS 4.9 · AI score 2.6 · EPSS 0.03441
Exploits 0
OSV · added 2020/06/22 6:15 p.m. · 3 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

CVSS 7.5 · AI score 7.2 · EPSS 0.00548
Exploits 1 · References 2