9 matches found
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the azureauthextension method. An attacker can gain unauthorized access to telemetry ingestion endpoints by replaying a valid Azure access token for any scope the configured identity c...
GHSA-PJV4-3C63-699F opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
Summary: A server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry receiver that uses auth: azureauth. The extension's Authenticate metho...
PT-2026-38281
Name of the Vulnerable Software and Affected Versions: azureauthextension versions 0.124.0 through 0.150.0. Description: A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...
CVE-2026-20144
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk internal index coul...
Microsoft DFSCoerce Domain Control Privilege Vulnerability
Windows Server is a server operating system for Windows introduced by Microsoft on April 24, 2003, with the Microsoft Windows Server System (WSS) at its core. Microsoft DFSCoerce has a domain control privilege vulnerability, which can be exploited by an attacker to request the certificate of a domain...
Denial Of Service (DoS)
kernel is vulnerable to denial of service (DoS). The vulnerability exists because of a deficiency found in the Linux kernel Stream Control Transmission Protocol (SCTP) Authentication Extension implementation. All the SCTP-AUTH socket options could cause a kernel panic if the API was used when the extensi...
Unspecified SQL Injection Vulnerability in TYPO3 Shibboleth Authentication Extension
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. An unspecified SQL injection vulnerability exists in the TYPO3 Shibboleth Authentication extension, which could allow an attacker to take control of an application, access or modify data, or explo...
TYPO3 LDAP/SSO Authentication Extension Authentication Bypass Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the Swiss TYPO3 Association. An authentication bypass vulnerability exists in the TYPO3 LDAP/SSO Authentication Extension, which can be exploited by an attacker to bypass the authentication mechanism and...
kernel: sctp: fix potential panics in the SCTP-AUTH API
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service NULL pointer dereferenc...