5 matches found
CVE-2023-43660
Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management when handling namespace scopes for BMCEventSubscription. A user with namespace level roles can access and manipulate secrets from unauthorized namespaces by creating a BMCEventSubscription in a namespace th...
GHSA-237R-R8M4-4Q88 Guzzle OAuth Subscriber has insufficient nonce entropy
Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...
PT-2025-4303 · Unknown · Guzzle Oauth Subscriber
Name of the Vulnerable Software and Affected Versions: Guzzle OAuth Subscriber versions prior to 0.8.1 Description: The issue concerns the Guzzle OAuth Subscriber, which signs Guzzle requests using OAuth 1.0. Prior to version 0.8.1, the Nonce generation does not utilize sufficient entropy nor a...
UBUNTU-CVE-2023-0645
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159...