323 matches found
Debian: Security Advisory (DLA-2625-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2625-1 : courier-authlib security update
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
[SECURITY] [DLA 2625-1] courier-authlib security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2625-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 14, 2021 https://wiki.debian.org/LTS -...
DLA-2625-1 courier-authlib - security update
Bulletin has no description...
Information Disclosure
courier-authlib is vulnerable to information disclosure. The vulnerability exists due to a /run/courier/authdaemon directory with weak permissions...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
Design/Logic Flaw
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The CVE-2021-28374 issue affects the Debian courier-authlib package prior to 0.71.1-2 for Courier Authentication Library, which creates /run/courier/authdaemon with weak permissions, enabling an attacker to read user information (potentially including a cleartext password hash). The vulnerability...
[SECURITY] Fedora 32 Update: python-authlib-0.14.3-1.fc32
Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included...
Fedora 32 : matrix-synapse / python-authlib / python-canonicaljson / etc (2020-b90dac7fc4)
Update matrix-synapse to 1.23.0 to resolve CVE-2020-26890. There may be breaking changes, please review prior to upgrade : https://github.com/matrix-org/synapse/blob/develop/UPGRADE.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora updat...
Fedora: Security Advisory for python-authlib (FEDORA-2020-b90dac7fc4)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mandriva Linux Security Advisory : courier-authlib (MDVSA-2013:068)
When using the authpgsql module and if the Postgres server goes down, authpgsql will start leaking memory. A packaging flaw was discovered that caused the courier-authlib-devel package to be installed when installing for example maildrop. This update fixes both of these issues. %NASLMINLEVEL 7030...
openSUSE Security Update : courier-authlib (courier-authlib-370)
Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-370. The text...
openSUSE Security Update : courier-authlib (courier-authlib-370)
Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-370. The text...
openSUSE Security Update : courier-authlib (courier-authlib-391)
Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-391. The text...
openSUSE Security Update : courier-authlib (courier-authlib-42)
This update of courier-authlib fixes a bug that allowed SQL injections. CVE-2008-2667 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-42. The text description of this plugin is...