EUVD-2021-9203

Malicious code in bioql PyPI...

BIT-GRAFANA-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

grafana: account takeover possible when using Azure AD OAuth

A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant AzureAD OAuth...

FreeBSD : Grafana -- Account takeover / authentication bypass (fdbe9aec-118b-11ee-908a-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fdbe9aec-118b-11ee-908a-6c3be5272acd advisory. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email fiel...

SUSE CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

Authentication flaw

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

CVE-2021-22034

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability...

CVE-2021-22034

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability...

CVE-2021-22034

CVE-2021-22034 affects VMware vRealize Operations Tenant App prior to version 8.6. The issue is an information-disclosure vulnerability exposed over the network (port 443) that could allow an attacker with network access to read system environment variables, as described in the VMware advisory. T...

VMSA-2021-0024:VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability

Advisory ID: VMSA-2021-0024 CVSSv3 Range: 5.3 Issue Date:2021-10-19 Updated On: 2021-10-19 CVEs: CVE-2021-22034 Synopsis: VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability CVE-2021-22034 RSS Feed Download PDF Download Text File Share this page on social...