103 matches found
SUSE-SU-2024:1486-1 Security update for cosign
This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments bsc1222835 - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts bsc1222837 Other fixes: - Updated to 2.2...
Malicious code in resume-sourcing-nodejs-client-credentials (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63bf870804a0bc378ff856c7e19723430ff40b603bebd5c485f101b20ae69e12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
keycloak: Client Registration endpoint does not check token revocation
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...
keycloak: Client Registration endpoint does not check token revocation
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...
keycloak: Client Registration endpoint does not check token revocation
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...
SUSE CVE-2019-3800
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from its failure to properly check whether client tokens may be revoked in its...
The vulnerability of the Squid caching proxy server, related to improper access control, allows attackers to gain access to confidential information.
The vulnerability of the Squid caching proxy server relates to the inconsistent processing of internal URIs. Exploiting this vulnerability allows a remote attacker to bypass the ACL firewall protection and gain access to information about the cache controller, including records related to the...
PT-2023-16006 · Keycloak +1 · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...
Apache Pulsar 信任管理问题漏洞
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
Debian dla-3151 : squid - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3151 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3151-1 [email protected]...
FreeBSD : squid -- Exposure of sensitive information in cache manager (f9ada0b5-3d80-11ed-9330-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f9ada0b5-3d80-11ed-9330-080027f5fec9 advisory. - Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerab...
MAL-2022-6807 Malicious code in uphold-client-credentials-oauth-sample (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a6ff91dfe2ca9fdd4154417d7e9abc79b3e51e42edf5011f0a67c40ba63f2a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6806 Malicious code in uphold-client-credentials-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ee1618d8c0e16c0718fa14f46a31d597153805eebeba4ff495446ce39908d7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
squid -- Exposure of sensitive information in cache manager
Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...
Veeam Backup for Microsoft 365 Restore Portal Error: "The server has rejected the client credentials"
Challenge When attempting to login to the Veeam Backup for Microsoft 365 Restore Portal, the following error occurs: The server has rejected the client credentials. Cause At this time, there are three known scenarios that may cause this issue: Scenario 1: Certificate not added to the Trusted Root...
Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware
Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...
CVE-2021-29943
A flaw was found in solr. Server credentials, instead of client credentials, are used for authenticating forward/proxy distributed requests using the ConfigurableInternodeAuthHadoopPlugin resulting in incorrect authorization resolution on the receiving hosts. The highest threat from this...
CVE-2021-29943
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts...
CVE-2020-26816
SAP AS JAVA Key Storage Service, versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...