5 matches found
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the certificate issuance/auto-certification flows in api/certificate/issue.go and api/sites/autocert.go, and the JSON field encryption migration in internal/migrate. An attacker c...
CVE-2019-25340
SpotAuditor 5.3.2 contains a denial of service in the Base64 decryption feature. An attacker can crash the application by supplying a malformed input file consisting of 2000 repeated characters, which triggers a crash when pasted into the Base64 Encrypted Password field. The CVSS metrics indicate...
MongoDB mongocryptd and MongoDB Mongo_crypt_v1.so security vulnerability
MongoDB mongocryptd and MongoDB Mongo_crypt_v1.so are both products of MongoDB, Inc. of the U.S.A. MongoDB mongocryptd is a client-side encryption library. MongoDB Mongo_crypt_v1.so is an auto-encryption shared library used to perform encryption and decryption operations. A security vulnerability exis...
GHSA-QV37-MFJF-42H8 Plaintext storage of tokens in pulp_ansible
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...
CVE-2022-3644
A flaw exists in the collection remote for pulp_ansible, where tokens are stored in plaintext instead of using pulp's encrypted field. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in the loss of confidentiality...