816 matches found
CVE-2021-0215 Junos OS: EX Series, QFX Series, SRX Branch Series, MX Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps
On Juniper Networks Junos EX Series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps, which can cause other processes, such as the pfex process responsible for packet forwarding, to crash and restart. An...
CVE-2021-0215
The CVE-2021-0215 issue is a memory leak in Juniper Junos OS on EX/QFX/MX/SRX devices triggered when the 802.1X authenticator port interface flaps. The pfex process (packet forwarding) can crash and restart as memory grows. Several Junos OS releases are affected across multiple lines and versions...
Juniper Networks Junos OS Resource Management Error Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A resource management error vulnerability exists in multiple Juniper Networks products and can be exploited by an attacker...
PT-2021-2138 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 14.1X53-D54; Juniper Networks Junos OS versions prior to 15.1X49-D240; Juniper Networks Junos OS versions prior to 15.1X53-D593; Juniper Networks Junos OS versions prior to 16.1R7-S8; Juniper Networks...
Improper Certificate Validation
keycloak-services does not properly validate certificates. Lack of validation on the certificate timestamp validity allows an expired certificate to be accepted by Keycloak's direct-grant authenticator...
matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26257 via matrix-synapse (>=0.33.9 <=1.152.1)
matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26257 Source advisory: OSV:PYSEC-2020-236...
matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26257 via matrix-synapse (>=0.33.9 <=1.152.1)
matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26257 Source advisory: OSV:GHSA-HXMP-PQCH-C8MM...
Denial of Service in extension "Authenticator" (defbu_authenticator)
The extension bundles demo files of a 3rd party QR Code generator allowing a remote user to create QR Codes saved as PNG files on the webserver. This can result in Denial of Service, since the webspace can be filled up with a large amount of PNG files...
Exploit for CVE-2020-14883
CVE-2020-14883 Oracle WebLogic Server Authenticated Remote Cod...
Information Disclosure
cas-server-support-otp-mfa is vulnerable to information disclosure. The vulnerability exists as the user's secret key is sent as a GET parameter in an img tag when Google Authenticator is used...
CVE-2020-1688
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...
CVE-2020-27178
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...
Authentication flaw
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...
CVE-2020-27178
CVE-2020-27178 affects Apereo CAS in multiple lines: 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4. The root cause is mishandling of secret keys used for Google Authenticator-based multifactor authentication. This can lead to improper handling of MFA secr...
Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems
Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can logi...
CVE-2020-8206
An improper authentication vulnerability exists in Pulse Connect Secure 9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP...
GHSA-V7M9-9497-P9GR Possible pod name collisions in jupyterhub-kubespawner
Impact What kind of vulnerability is it? Who is impacted? JupyterHub deployments using: - KubeSpawner = 0.11.1 e.g. zero-to-jupyterhub 0.9.0 and - enabled namedservers not default, and - an Authenticator that allows: - usernames with hyphens or other characters that require escape e.g. user-hyphe...