526 matches found
GHSA-4C49-9FPC-HC3V lxd CA certificate sign check bypass
Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, only TLS clients that have a CA-signed certificate should be able to authenticate with LXD. We have discovered that if a client that sends a non-CA signed certificate during the TLS handshake, th...
lxd CA certificate sign check bypass
Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, only TLS clients that have a CA-signed certificate should be able to authenticate with LXD. We have discovered that if a client that sends a non-CA signed certificate during the TLS handshake, th...
Astra Linux – Vulnerability in Python 3.11
A vulnerability was discovered in Python before version 3.8.18, 3.9.x before version 3.9.18, 3.10.x before version 3.10.13, and 3.11.x before version 3.11.5. This vulnerability primarily affects servers such as HTTP servers that use TLS client authentication. When a TLS server-side socket is...
USN-7108-1: AsyncSSH vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-2641)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Arbitrary File Overwrite
github.com/fkie-cad/yapscan is vulnerable to Arbitrary File Overwrite. The vulnerability is due to lack of client authentication and improper server permissions, allowing an attacker to forge requests that overwrite arbitrary files on the host system, potentially leading to data loss...
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
LemonLDAP::NG 安全漏洞
LemonLDAP::NG is a set of Web single sign-on and access management software from LemonLDAP::NG open source. A security vulnerability exists in LemonLDAP::NG version 2.18.x and 2.19.x prior to 2.19.2, which stems from the presence of incorrect credential validation, allowing an attacker to bypass...
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
CVE-2024-45160
CVE-2024-45160 affects LemonLDAP::NG versions 2.18.x and 2.19.x prior to 2.19.2. The issue is an incorrect credential validation that allows an attacker to bypass OAuth2 client authentication by supplying an empty client_password (client secret). The vulnerability outcome is a potential credentia...
CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
IBM Business Automation Workflow Input Validation Error Vulnerability (CNVD-2024-46816)
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An input validation error vulnerability exists in...
SUSE CVE-2024-45159
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...
PT-2024-31445 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions 2.18.x through 2.19.1 Description: The issue is related to incorrect credential validation, allowing attackers to bypass OAuth2 client authentication. This can be achieved by providing an empty client password parameter...
ALPINE-CVE-2024-45159
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...
UBUNTU-CVE-2024-45159
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...
PT-2024-31443 · Mbed Tls +1 · Mbed Tls +1
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 3.x before 3.6.1 Description: An issue was discovered in Mbed TLS with TLS 1.3, when a server enables optional authentication of the client. If the client-provided certificate does not have appropriate values in keyUsage or...