290 matches found
Discourse 2.7.0.beta9 Security Update
A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
CVE-2021-22904
A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible DoS vulnerability was found in the Token Authentication logic in Action Controller...
[SECURITY] [DLA 2655-1] rails security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
Ruby 安全漏洞
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the personal developer, Yukihiro Matsumoto. A security vulnerability exists in Ruby. The vulnerability is caused due to a "use after sale" error in the token authentication logic in the Operations Controller,...
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. There is a possible denial of service vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for request...
GHSA-7WJX-3G7J-8584 Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...
PT-2021-4539 · Ruby On Rails +3 · Action Pack +3
Name of the Vulnerable Software and Affected Versions: actionpack versions 4.0.0 through 6.1.3.1, 6.0.3.6, 5.2.4.5, 5.2.5 actionpack versions 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 are not affected Description: The issue is related to a denial of service vulnerability in the Token Authentication logic ...
Tangro Business Workflow 授权问题漏洞
Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from a failure of a proper...
The vulnerability of the Cisco DNA Center’s management center, related to errors in token authentication processing, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco DNA Center’s management center is related to errors in token authentication processing. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2020-15074
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...
Unspecified Vulnerability in Saml2 Authentication services for ASP.NET
Saml2 Authentication services for ASP.NET is a SAML Security Assertion Markup Language authentication service for ASP.NET. A security vulnerability exists in the method of token authentication in Saml2 Authentication services for ASP.NET versions 1.0.2 and 2.0.0 through 2.6.0. An attacker could...
kubernetes: Bearer tokens written to logs at high verbosity levels (>= 7)
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
Credentials Management
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...
Future Proofing Your Content Security Perimeter with Enhanced Token Authentication
Background: Media Content Security Security in the media & entertainment industry means securing the entire content consumption path. For any OTT or streaming company that wants to serve or distribute its content to end users, has to protect and safeguard their content against an ever-evolving...
Cloud Controller, cf-deployment and cf-release authentication vulnerabilities
Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from the Cloud Foundry Foundation in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of CF...
CVE-2018-1195
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...
Circle with Disney Apid Strstr Authentication Bypass Vulnerability(CVE-2017-2914)
Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...
CVE-2015-7546
CVE-2015-7546 affects OpenStack Keystone and related keystonemiddleware: the identity service fails to invalidate authorization tokens when using PKI or PKIZ providers, enabling remote authenticated users to bypass access controls by manipulating bytes in a revoked token. Affected versions includ...