28 matches found
Nextcloud user_oidc 授权问题漏洞
Nextcloud useroidc is an application developed by the German company Nextcloud. There were authorization issues in versions of Nextcloud useroidc between 0.3.0 and 3.1.0, as well as between 5.0.0 and 5.1.0, and between 6.0.0 and 6.4.0. This issue stemmed from a lack of User OIDC signature...
EUVD-2008-7252
Malware in sbrugna...
EUVD-2019-0532
Malware in sbrugna...
EUVD-2008-3268
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-3234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from...
CVE-2019-14407
cPanel before 78.0.2 reveals internal data to OpenID providers SEC-415...
CVE-2008-3280
It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...
CVE-2008-3280
It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...
Design/Logic Flaw
It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...
CVE-2008-3280
It was found that various OpenID Providers OPs had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator CVE-2008-0166. In combination with the DNS Cache Poisoning issue CVE-2008-1447 and the fact that almost all SSL/TLS implementations do not...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-14407
cPanel before 78.0.2 reveals internal data to OpenID providers SEC-415...
Design/Logic Flaw
cPanel before 78.0.2 reveals internal data to OpenID providers SEC-415...
ruby-openid SSRF via claimed_id request
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
DEBIAN-CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID (ruby-openid) up to version 2.8.0 contains a remote SSRF vulnerability in the OpenID discovery/verification flow. Exploitation could cause the server to connect to an attacker-controlled URL, potentially leaking private information. Public advisories describe impact as remote, with hi...
GHSA-6C8P-QPHV-668V Denial of service in ruby-openid
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service CPU consumption via 1 a large XRDS document or 2 an XML Entity Expansion XEE attack...