[SECURITY] [DSA 5917-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2025 https://www.debian.org/security/faq -...

[SECURITY] [DLA 4155-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4155-1 [email protected] https://www.debian.org/lts/security/ Moritz Schlarb May 08, 2025 https://wiki.debian.org/LTS -...

DSA-5917-1 libapache2-mod-auth-openidc - security update

Bulletin has no description...

Debian dla-4155 : libapache2-mod-auth-openidc - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4155 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4155-1 [email protected] https://www.debian.org/lts/security/...

DLA-4155-1 libapache2-mod-auth-openidc - security update

Bulletin has no description...

CVE-2025-46826 insa-auth Open-Redirect on provided CAS server login endpoint

insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information name and number. However, the issue posed minimal risk, was never exploited, and had limited...

CVE-2025-46826 insa-auth Open-Redirect on provided CAS server login endpoint

insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information name and number. However, the issue posed minimal risk, was never exploited, and had limited...

BIT-VAULT-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

insa-auth 输入验证错误漏洞

insa-auth is an authentication service tool from genda open source. An input validation error vulnerability exists in insa-auth, which originates from a third-party website that has access to a server-assisted authentication bridge and may disclose basic information...

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Auth Bypass PoC Este es un Proof o...

CVE-2025-45611

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...

Mageia: Security Advisory (MGASA-2025-0147)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

Erlang OTP Pre-Auth RCE Scanner and Exploit

This module detect and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in the SSH...

GHSA-F9CH-H8J7-8JWG Hashicorp Vault Community vulnerable to Incorrect Authorization

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

Hashicorp Vault Community vulnerable to Incorrect Authorization

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

PT-2025-18909 · Hashicorp +1 · Vault Community Edition +2

Name of the Vulnerable Software and Affected Versions: Vault Community Edition versions prior to 1.19.1 Vault Enterprise versions prior to 1.19.1, 1.18.7, 1.17.14, 1.16.18 Description: The Azure Auth method in Vault did not correctly validate the claims in the Azure-issued token. This resulted in...

DEBIAN-CVE-2022-49807

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmetauthsetkey When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: -- unreferenced object 0xffff8c7f44ed8180 size 64: comm "check", pid 7304, jiffies 429568613...

Malicious code in customprefix-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af67fc99b5f6993bf42c27c8c407c6bee3e97d0f412d03ab30533470b86339d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...