3 matches found
ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider
Summary An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider IdP implementation. When validating JSON Web Tokens JWTs from an external provider, ZITADEL properly checks the token's cryptographic signature and issuer iss, but it fails to validate the...
CVE-2023-1617
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...
PT-2022-4819
Name of the Vulnerable Software and Affected Versions Blender versions 2.93.8 through 3.x Description The issue is related to a missing bounds check in the image loader, leading to out-of-bounds heap access. This allows an attacker to cause denial of service, memory corruption, or potentially cod...