6598 matches found
PT-2025-15122
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.16.11 Description: A bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure include an OIDCProviderAuthRequestMethod POST, a valid accoun...
CVE-2024-57835
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...
CVE-2024-57835 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...
MetaCPAN Amon2::Auth::Site::LINE security vulnerability
MetaCPAN Amon2::Auth::Site::LINE is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Amon2::Auth::Site::LINE that stems from the use of an insecure random number generator...
PT-2025-15066 · Unknown +1 · Amon2::Auth::Site::Line +2
Name of the Vulnerable Software and Affected Versions: Amon2::Auth::Site::LINE versions up to 0.04 Description: The issue concerns the use of a predictable random number generator. Amon2::Auth::Site::LINE utilizes the String::Random module to generate nonce values, which defaults to Perl's built-...
SUSE SLES15: apache2-mod_apparmor / apparmor-abstractions / apparmor-docs / etc (SUSE-SU-2025:1135-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1135-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin...
SUSE-SU-2025:1135-1 Security update for apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
SUSE-SU-2025:1134-1 Security update for apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
CVE-2025-29991
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...
PT-2025-19699 · Opensuse +1 · Apparmor +1
Name of the Vulnerable Software and Affected Versions: apparmor affected versions not specified Description: This issue allows dovecot-auth to execute the unix check password function from /sbin, not only from /usr/bin. Recommendations: At the moment, there is no information about a newer version...
PT-2025-19700 · Suse · Apparmor +1
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
SUSE SLES12 Security Update : apparmor (SUSE-SU-2025:1101-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1101-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper validation and sanitization of user-supplied input in the auth-url Ingress annotation, allowing attackers to inject arbitrary nginx configuration directives...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1819 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.492.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2025-31720 Source advisory: OSV:GHSA-565R-PF5Q-45V6...
SUSE-SU-2025:1101-1 Security update for apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
Malicious code in @nationalgeographicsociety/ngsui-header-auth-provider-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d38527cfd7590fab454ac20f3be069dae42b211700523eb5a58dfd421014d9be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-19698 · Suse · Apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...