159 matches found
EUVD-2021-19554
Malware in sbrugna...
EUVD-2006-4144
Malicious code in bioql PyPI...
ROS-20240815-09
The mod_auth_openidc authentication and authorization module for the Apache 2.x HTTP server has a vulnerability related to setting OIDCStripCookies and providing the created cookie: a NULL pointer dereference occurs, which causes a segmentation fault. NULL pointer, which will result in a...
SUSE SLES12 Security Update : apache2-mod_auth_openidc (SUSE-SU-2024:0758-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0758-1 advisory. - mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID...
Debian dla-3751 : libapache2-mod-auth-openidc - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3751 advisory. Debian LTS Advisory DLA-3751-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] Fedora 39 Update: mod_auth_openidc-2.4.15.3-1.fc39
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server...
Fedora 39 : mod_auth_openidc (2024-3c0f2a2771)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3c0f2a2771 advisory. Fix CVE-2024-24814: prevent DoS when OIDCSessionType client-cookie is set and a crafted Cookie header is supplied. Tenable has extracted the preceding...
Fedora: Security Advisory (FEDORA-2024-3c0f2a2771)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 9 : mod_auth_openidc-2.4.9.4-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the mod_auth_openidc-2.4.9.4-2.el9 build changelog. - open redirect by supplying a crafted URL in the target_link_uri parameter (CVE-2021-39191) - mod_auth_openidc is an OpenID Certified...
Advisory ROSA-SA-2024-2362
Software: mod_auth_openidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: mod_auth_openidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in mod_auth_mellon. CVE-STATUS: Fixed...
CVE-2024-24814
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-6940)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6940 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308...
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:6940)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6940 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
Fedora 39 : mod_auth_openidc (2023-02c84fe305)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-02c84fe305 advisory. Automatic update for mod_auth_openidc-2.4.12.3-2.fc39. Changelog Tue Mar 7 2023 Tomas Halman - 2.4.12.3-2 migrated to SPDX license Tue Feb 28 2023 Tom...
RHEL 9 : mod_auth_openidc (RHSA-2023:6365)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6365 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
Rocky Linux 8 : mod_auth_openidc:2.3 (RLSA-2022:1823)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1823 advisory. - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party,...
[SECURITY] [DLA 3580-1] libapache-mod-jk security update
Debian LTS Advisory DLA-3580-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 24, 2023 https://wiki.debian.org/LTS Package : libapache-mod-jk Version : 1:1.2.46-1+deb10u2 CVE ID : CVE-2023-41081 Debian Bug : 1051956 The mod_jk component of Apache Tomcat...
Debian dla-3499 : libapache2-mod-auth-openidc - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3499 advisory. Debian LTS Advisory DLA-3499-1 [email protected]...
Fedora: Security Advisory for mod_auth_openidc (FEDORA-2023-b534ca7056)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: mod_auth_openidc-2.4.13.2-1.fc38
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server...