CVE-2024-32638 Apache APISIX: Forward-Auth Request Smuggling
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...
CVE-2024-32638
This CVE (CVE-2024-32638) concerns Apache APISIX and the forward-auth plugin, where an Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) vulnerability exists. Affected versions are APISIX 3.8.0 and 3.9.0; upgrading to 3.8.1, 3.9.1, or newer mitigates the issue. The vulnerabili...
PT-2024-24735 · Apache · Apache Apisix
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 3.8.0 through 3.9.0. Description: The issue is related to an Inconsistent Interpretation of HTTP Requests, also known as 'HTTP Request Smuggling', in Apache APISIX when using the forward-auth plugin. Recommendations: For...
CVE-2024-33516
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller...
CVE-2024-33516
ArubaOS (Aruba Mobility Controllers) is affected by CVE-2024-33516 where an unauthenticated DoS via the PAPI protocol (UDP port 8211) can interrupt the controller’s operation. Public details indicate ArubaOS 8.10.x, 8.11.x, 10.4.x, and 10.5.x are affected; fixes are available in Aruba PSA-2024-00...
FreeBSD : py-social-auth-app-django -- Improper Handling of Case Sensitivity (b3affee8-04d1-11ef-8928-901b0ef714d4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b3affee8-04d1-11ef-8928-901b0ef714d4 advisory. - Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to...
RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3655 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
SUSE CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
Improper Handling Of Case Sensitivity
social-auth-app-django is vulnerable to Improper Handling Of Case Sensitivity. The vulnerability is due to default case-insensitive collation in MySQL or MariaDB databases. This vulnerability could cause different IDs to match, resulting in Business Logic Flaws...
FreeBSD : py-matrix-synapse -- weakness in auth chain indexing allows DoS (bdfa6c04-027a-11ef-9c21-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bdfa6c04-027a-11ef-9c21-901b0e9408dc advisory. - Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a ro...
CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
DEBIAN-CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
UBUNTU-CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
CVE-2024-32879 social-auth-app-django Improper Handling of Case Sensitivity vulnerability
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
argus-server (>=1.0.0 <=1.1.1), b9gemyaeix (>=4.14.0 <=4.14.1) +55 more potentially affected by CVE-2024-32879 via social-auth-app-django (>=0.1.0 <=5.4.0)
social-auth-app-django PYPI version =0.1.0, =1.0.0, =4.14.0, =0.15.0, =0.3.23, =1.0.1, =1.0.0, =0.1.0, =4.4.0, =0.0.2, =1.0.0, =1.0.0, =3.0.0 and more Source cves: CVE-2024-32879 Source advisory: OSV:GHSA-2GR8-3WC7-XHJ3...
social-auth-app-django affected by Improper Handling of Case Sensitivity
Impact: Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. Patches: This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix...
CVE-2023-47774 WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7...
CVE-2022-45852 WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal. This issue affects WP-FormAssembly: from n/a through 2.0.5...