86 matches found
EUVD-2025-206690
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory OOM...
CVE-2025-62599 eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled
eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...
CVE-2025-62599
CVE-2025-62599 affects eProsima Fast DDS prior to versions 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. When security mode is enabled, modifying the DATA Submessage in an SPDP packet (specifically tampering with the length of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN as readPropertySeq) can trigger ...
CVE-2025-62599 eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled
eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...
Fast-DDS 输入验证错误漏洞
Fast-DDS is a complete DDS system open-sourced by eProsima. Versions of Fast-DDS prior to 3.4.1, 3.3.1, and 2.6.11 contained a vulnerability related to input validation errors. This vulnerability stemmed from modifying the PIDIDENTITYTOKEN or PIDPERMISSIONSTOKEN fields in the DATA sub-message,...
eProsima Fast DDS 安全漏洞
eProsima Fast DDS is a C++ implementation of the OMG Object Management Group DDS Data Distribution Service standard by eProsima Corporation. Versions prior to 3.4.1, 3.3.1, and 2.6.11 of eProsima Fast DDS contained security vulnerabilities. These vulnerabilities were caused by modifying the...
Fast-DDS 输入验证错误漏洞
Fast-DDS is a complete DDS system open-sourced by eProsima. Versions of Fast-DDS prior to 3.4.1, 3.3.1, and 2.6.11 contained a vulnerability related to input validation errors. This vulnerability stemmed from modifying the length of the PIDIDENTITYTOKEN or PIDPERMISSIONTOKEN fields in the DATA...
SUSE CVE-2025-66506
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...
UBUNTU-CVE-2025-66506
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...
CVE-2025-66506 Fulcio allocates excessive memory during token parsing
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed
Summary If the "claimsparametersupported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script, to inject the value of choice into a claim contained in the idtoken or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...
CVE-2025-64099 OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info
Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...
PT-2025-46699
Name of the Vulnerable Software and Affected Versions Open Access Management OpenAM versions prior to 16.0.0 Description Open Access Management OpenAM contains a flaw where, if the claims parameter supported parameter is enabled, the "oidc-claims-extension.groovy" script allows injection of...
Linux Distros Unpatched Vulnerability : CVE-2025-1296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This...
FreeBSD : Gitlab -- vulnerabilities (7bfe6f39-78be-11f0-9d03-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7bfe6f39-78be-11f0-9d03-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site...
GitLab Enterprise Edition和GitLab Community Edition 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...
CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2019-16929
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs
Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
UBUNTU-CVE-2025-1296
Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...