333 matches found
CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
CVE-2024-37568
Technical details for CVE-2024-37568 are not publicly available in the provided documents. Monitor for updates from upstream and security advisories.
BIT-REDASH-2021-43777
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
SUSE CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2021-43777
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
Cross site request forgery (csrf)
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
CVE-2021-43777 Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce)
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
CVE-2021-43777
Redash 10.0 and earlier are affected by CVE-2021-43777 due to improper use of the OAuth state parameter in Google Login, where the state is used to pass the next URL instead of a CSRF nonce. The issue does not affect non-Google-Login users. A patch in the master and release/10.x.x branches replac...
PT-2021-23926 · Google · Google Login
Name of the Vulnerable Software and Affected Versions: Redash versions 10.0 and prior Description: The implementation of Google Login in Redash incorrectly uses the state parameter to pass the next URL to redirect the user to after login, instead of using it for a Cross-Site Request Forgery CSRF...
Debian: Security Advisory (DLA-2625-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2625-1 : courier-authlib security update
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
[SECURITY] [DLA 2625-1] courier-authlib security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2625-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 14, 2021 https://wiki.debian.org/LTS -...
DLA-2625-1 courier-authlib - security update
Bulletin has no description...
Information Disclosure
courier-authlib is vulnerable to information disclosure. The vulnerability exists due to a /run/courier/authdaemon directory with weak permissions...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
Design/Logic Flaw
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...
CVE-2021-28374
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...