41 matches found
EUVD-2024-39454
Malicious code in bioql PyPI...
EUVD-2024-39455
Malicious code in bioql PyPI...
EUVD-2024-39457
Malicious code in bioql PyPI...
EUVD-2024-39456
Malicious code in bioql PyPI...
EUVD-2024-39453
Malicious code in bioql PyPI...
CVE-2024-42164
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable2fa link...
CVE-2024-42165
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2024-42166
The function "generateappcertificates" in lib/appcertificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious...
CVE-2024-42163
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...
FIWARE Keyrock Encryption Problem Vulnerability (CNVD-2024-37461)
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and earlier versions, which stems from the algorithm used to create the disable2fakey being predictable, and can be exploited by an attacker to predict...
FIWARE Keyrock Operating System Command Injection Vulnerability
FIWARE Keyrock is a FIWARE open source component responsible for identity management. An operating system command injection vulnerability exists in FIWARE Keyrock 8.4 and earlier versions, which stems from the function generateappcertificates in lib/appcertificates.js not being properly...
FIWARE Keyrock Encryption Issue Vulnerability
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...
FIWARE Keyrock OS Command Injection Vulnerability (CNVD-2024-37459)
FIWARE Keyrock is a FIWARE open source component responsible for identity management. An operating system command injection vulnerability exists in FIWARE Keyrock version 8.4 and earlier, which stems from the function generateappcertificates in controllers/saml2/saml2.js not being properly...
FIWARE Keyrock Encryption Problem Vulnerability (CNVD-2024-37462)
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and earlier versions, which stems from the predictability of the algorithm used to create password reset tokens, and can be exploited by an attacker to...
CVE-2024-42167
The function "generateappcertificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicio...