CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from monhandleauthdone Currently any error from cephauthhandlereplydone is propagated via finishauth but isn't returned from monhandleauthdone. This results in higher layers learning that despite...

EUVD-2025-204941

Malicious code in auth-handler npm...

Malicious code in auth-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d1be042f1565157d9c5e97b927919aa32bedb254b501aa374caf00c242ee83 The package auth-handler was found to contain malicious code...

MAL-2025-192712 Malicious code in auth-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d1be042f1565157d9c5e97b927919aa32bedb254b501aa374caf00c242ee83 The package auth-handler was found to contain malicious code...

Malicious Package

Overview auth-handler is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Onc...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...

EUVD-2022-45355

Malicious code in bioql PyPI...

The vulnerability of the mod_graph_auth_uri_handler() function in D-Link’s wireless repeater software DAP-1620 allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the modgraphauthurihandler function in the wireless repeater software from D-Link, the DAP-1620, relates to the escape of operations beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause a service failure b...

CLSA-2024-1722527236 Fix CVE(s): CVE-2021-3733

SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733...

CVE-2022-42280

The CVE-2022-42280 issue affects NVIDIA DGX BMC SPX REST authorization. An unauthorized attacker could exploit a path traversal to escalate privileges on vulnerable BMC firmware. The NVIDIA advisory lists affected products (DGX Station A100/A800), and specifies a firmware update path with BMC Fir...

The vulnerability of the AbstractBasicAuthHandler class in the urllib.request component of the Python programming language allows a hacker to trigger a denial-of-service attack.

The vulnerability of the AbstractBasicAuthHandler class in the urllib.request component of the Python programming language is related to the use of an inefficient regular expression. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

DEBIAN-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

UBUNTU-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

python-paramiko: Authentication bypass in auth_handler.py

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity...