Lucene search
K

103 matches found

OSV
OSV
added 2024/05/02 5:33 a.m.4 views

SUSE-SU-2024:1486-1 Security update for cosign

This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments bsc1222835 - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts bsc1222837 Other fixes: - Updated to 2.2...

7.5CVSS6.8AI score0.00851EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/11/09 6:5 p.m.4 views

Malicious code in resume-sourcing-nodejs-client-credentials (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63bf870804a0bc378ff856c7e19723430ff40b603bebd5c485f101b20ae69e12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/03/01 10:2 p.m.5 views

keycloak: Client Registration endpoint does not check token revocation

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...

3.8CVSS6.3AI score0.00466EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/03/01 9:58 p.m.10 views

keycloak: Client Registration endpoint does not check token revocation

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...

3.8CVSS6.3AI score0.00466EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.6 views

keycloak: Client Registration endpoint does not check token revocation

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...

3.8CVSS6.3AI score0.00466EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.8 views

SUSE CVE-2019-3800

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8CVSS6.6AI score0.02088EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.5 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from its failure to properly check whether client tokens may be revoked in its...

3.8CVSS5.5AI score0.00466EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/01/12 12:0 a.m.7 views

The vulnerability of the Squid caching proxy server, related to improper access control, allows attackers to gain access to confidential information.

The vulnerability of the Squid caching proxy server relates to the inconsistent processing of internal URIs. Exploiting this vulnerability allows a remote attacker to bypass the ACL firewall protection and gain access to information about the cache controller, including records related to the...

6.8CVSS6.9AI score0.0169EPSS
Exploits0References12Affected Software8
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.10 views

PT-2023-16006 · Keycloak +1 · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...

6.5CVSS4.8AI score0.00466EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.6 views

Apache Pulsar 信任管理问题漏洞

Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...

8.1CVSS6.9AI score0.00704EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/10/13 12:0 a.m.25 views

Debian dla-3151 : squid - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3151 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3151-1 [email protected]...

8.6CVSS7.2AI score0.0282EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/09/26 12:0 a.m.73 views

FreeBSD : squid -- Exposure of sensitive information in cache manager (f9ada0b5-3d80-11ed-9330-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f9ada0b5-3d80-11ed-9330-080027f5fec9 advisory. - Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerab...

6.5CVSS6.8AI score0.0169EPSS
Exploits0References3
OSV
OSV
added 2022/06/20 8:18 p.m.8 views

MAL-2022-6807 Malicious code in uphold-client-credentials-oauth-sample (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a6ff91dfe2ca9fdd4154417d7e9abc79b3e51e42edf5011f0a67c40ba63f2a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:18 p.m.7 views

MAL-2022-6806 Malicious code in uphold-client-credentials-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ee1618d8c0e16c0718fa14f46a31d597153805eebeba4ff495446ce39908d7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/04/17 12:0 a.m.39 views

squid -- Exposure of sensitive information in cache manager

Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...

6.5CVSS0.6AI score0.0169EPSS
Exploits0References1
Veeam
Veeam
added 2022/03/24 12:0 a.m.461 views

Veeam Backup for Microsoft 365 Restore Portal Error: "The server has rejected the client credentials"

Challenge When attempting to login to the Veeam Backup for Microsoft 365 Restore Portal, the following error occurs: The server has rejected the client credentials. Cause At this time, there are three known scenarios that may cause this issue: Scenario 1: Certificate not added to the Trusted Root...

7AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2021/05/21 8:46 a.m.32 views

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...

1.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2021/04/14 2:6 p.m.21 views

CVE-2021-29943

A flaw was found in solr. Server credentials, instead of client credentials, are used for authenticating forward/proxy distributed requests using the ConfigurableInternodeAuthHadoopPlugin resulting in incorrect authorization resolution on the receiving hosts. The highest threat from this...

9.1CVSS2.4AI score0.05263EPSS
Exploits0References3
NVD
NVD
added 2021/04/13 7:15 a.m.22 views

CVE-2021-29943

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts...

9.1CVSS0.05263EPSS
Exploits0References2
NVD
NVD
added 2020/12/09 5:15 p.m.23 views

CVE-2020-26816

SAP AS JAVA Key Storage Service, versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...

5.4CVSS4.7AI score0.00167EPSS
Exploits0References2
Rows per page
Query Builder