3 matches found
GHSA-9RR6-JPG7-9JG6 Authentication Bypass by Capture-replay in Apache Spark
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
PT-2021-15251 · Nextcloud +2 · Nextcloud Desktop Client +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.1.3 Description: The issue is related to resource injection due to missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
PT-2019-13325 · Rencontre · Rencontre
Name of the Vulnerable Software and Affected Versions: Rencontre plugin versions prior to 3.1.3 Description: The issue allows SQL Injection via the inc/rencontre widget.php file. Recommendations: For versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue...