Red Hat Keycloak security vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and identity management for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from its failure to check whether client tokens have been revoked in its...
PT-2023-16006 · Keycloak +1 · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...
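Both Keycloak entries above describe the same defect: a token obtained through the client credentials flow keeps working after it has been revoked because the check is skipped. The block below is an added example, not Keycloak's own code; it models a resource server's token check with a constructed HS256 secret (Keycloak signs with RS256 by default) and two assumed revocation mechanisms: a set of revoked `jti` values and a per-client "not-before" timestamp, the latter modelled on Keycloak's not-before policy. The `check_revocation` flag reproduces the vulnerable behaviour for comparison.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing secret for this example only; never hard-code a real key.
SECRET = b"example-hs256-key-do-not-use"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_client_token(client_id: str, jti: str, issued_at: int, ttl: int = 300) -> str:
    """Mint a minimal client-credentials access token (HS256 JWT) for the example."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"azp": client_id, "jti": jti, "iat": issued_at, "exp": issued_at + ttl}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class RevocationState:
    """Assumed server-side revocation state: individual token revocations plus a
    per-client not-before cut-off (any token issued before it is invalid)."""

    def __init__(self):
        self.revoked_jtis = set()
        self.client_not_before = {}  # client_id -> epoch seconds

    def revoke_token(self, jti: str) -> None:
        self.revoked_jtis.add(jti)

    def push_not_before(self, client_id: str, timestamp: int) -> None:
        self.client_not_before[client_id] = timestamp


def verify_token(token: str, state: RevocationState, now: int, check_revocation: bool = True):
    """Return (accepted, reason). With check_revocation=False the function behaves
    like the flawed flow: signature and expiry are checked, revocation is not."""
    try:
        h, c, s = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(c))
    if now >= claims["exp"]:
        return False, "expired"
    if check_revocation:
        if claims["jti"] in state.revoked_jtis:
            return False, "revoked"
        if claims["iat"] < state.client_not_before.get(claims["azp"], 0):
            return False, "issued before client not-before"
    return True, "ok"


if __name__ == "__main__":
    state = RevocationState()
    token = mint_client_token("svc", "jti-1", issued_at=1000)
    state.revoke_token("jti-1")
    print("without revocation check:", verify_token(token, state, now=1100, check_revocation=False))
    print("with revocation check:   ", verify_token(token, state, now=1100))
```

The point for a practitioner is the third branch: a well-formed, unexpired, correctly signed token is not enough. Whatever the revocation signal is (introspection endpoint, revoked-jti cache, not-before policy), it has to be consulted on every use, and the client credentials flow must not be special-cased out of it.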
Apache Pulsar trust management vulnerability
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight function computing. The software supports multi-tenancy, persistent storage, and multi-datacenter cross-region data replication, with strong consistency, high...
Debian dla-3151 : squid - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3151 advisory. Debian LTS Advisory DLA-3151-1...
FreeBSD : squid -- Exposure of sensitive information in cache manager (f9ada0b5-3d80-11ed-9330-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the f9ada0b5-3d80-11ed-9330-080027f5fec9 advisory. Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerab...
MAL-2022-6807 Malicious code in uphold-client-credentials-oauth-sample (npm)
Source: ghsa-malware 0a6ff91dfe2ca9fdd4154417d7e9abc79b3e51e42edf5011f0a67c40ba63f2a9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6806 Malicious code in uphold-client-credentials-oauth (npm)
Source: ghsa-malware 3ee1618d8c0e16c0718fa14f46a31d597153805eebeba4ff495446ce39908d7a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
squid -- Exposure of sensitive information in cache manager
Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...
Veeam Backup for Microsoft 365 Restore Portal Error: "The server has rejected the client credentials"
Challenge: When attempting to log in to the Veeam Backup for Microsoft 365 Restore Portal, the following error occurs: "The server has rejected the client credentials." Cause: At this time, there are three known scenarios that may cause this issue. Scenario 1: Certificate not added to the Trusted Root...
Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware
Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...
CVE-2021-29943
A flaw was found in solr. Server credentials, instead of client credentials, are used for authenticating forward/proxy distributed requests using the ConfigurableInternodeAuthHadoopPlugin resulting in incorrect authorization resolution on the receiving hosts. The highest threat from this...
CVE-2021-29943
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts...
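The two Solr entries describe a confused-deputy problem: the node that proxies a distributed request authenticates to its peer with its own server credentials, and the peer then authorizes the server's identity instead of the user who sent the request. The block below is an added example, not Solr's code; it models the cluster with a constructed role table and a constructed set of trusted node identities and contrasts the pre-8.8.2 forwarding with the corrected one, where the node still authenticates as itself but the peer authorizes the forwarded original principal.

```python
# Constructed roles and permissions; Solr's rule-based authorization is more elaborate.
ROLES = {
    "alice": {"read"},
    "bob": {"read", "write"},
    "solr-node-a": {"read", "write", "admin"},  # identity the node itself authenticates with
    "solr-node-b": {"read", "write", "admin"},
}
REQUIRED_PERMISSION = {"/select": "read", "/update": "write", "/admin/cores": "admin"}
# Assumed set of authenticated cluster members allowed to forward on a user's behalf.
TRUSTED_NODES = {"solr-node-a", "solr-node-b"}


def authorize(principal: str, path: str) -> bool:
    return REQUIRED_PERMISSION[path] in ROLES.get(principal, set())


class Node:
    def __init__(self, name: str):
        self.name = name

    def handle_local(self, principal: str, path: str) -> int:
        """Authorization decision on the node that finally serves the request."""
        return 200 if authorize(principal, path) else 403

    def forward_vulnerable(self, peer: "Node", original_principal: str, path: str) -> int:
        """Flawed forwarding: the proxying node authenticates to the peer with its own
        server credentials and the peer authorizes that identity. The original
        principal is dropped, so a read-only user inherits the node's admin rights."""
        return peer.handle_local(self.name, path)

    def forward_fixed(self, peer: "Node", original_principal: str, path: str) -> int:
        """Corrected forwarding: the node still authenticates as itself (so the hop can
        be trusted) but carries the original principal, which the peer authorizes."""
        return peer.handle_forwarded(self.name, original_principal, path)

    def handle_forwarded(self, forwarding_node: str, original_principal: str, path: str) -> int:
        # Only an authenticated cluster member may assert a principal on someone's behalf;
        # otherwise any client could claim to be forwarding for an administrator.
        if forwarding_node not in TRUSTED_NODES:
            return 401
        return self.handle_local(original_principal, path)


if __name__ == "__main__":
    a, b = Node("solr-node-a"), Node("solr-node-b")
    print("alice /update via flawed forward:   ", a.forward_vulnerable(b, "alice", "/update"))
    print("alice /update via corrected forward:", a.forward_fixed(b, "alice", "/update"))
```

The second guard in `handle_forwarded` is the part that is easy to forget when fixing this class of bug: once a receiving node honours a forwarded principal, it must only do so from hops it has actually authenticated, or the fix turns into a principal-spoofing hole.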
CVE-2020-26816
SAP AS JAVA Key Storage Service, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores the key material held by the SAP NetWeaver AS Java Key Storage service in the database in DER-encoded form without encryption. This enables an attacker who has administrator access ...
Information disclosure
SAP AS JAVA Key Storage Service, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores the key material held by the SAP NetWeaver AS Java Key Storage service in the database in DER-encoded form without encryption. This enables an attacker who has administrator access ...
CVE-2020-26816
The CVE-2020-26816 issue affects SAP NetWeaver AS Java Key Storage Service. Key material is stored in DER-encoded format in the database and is not encrypted, enabling an administrator to decode the keys and potentially access application data and client credentials of adjacent systems, impacting...
GHSA-5JPF-PJ32-XX53 Authorization header is not sanitized in an error object in auth0
Overview Versions before and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be...
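The Auth0 advisory above is a block-list failure: the error object embeds the failed request, and only the key names someone remembered to list are scrubbed, so the `Authorization` header survives. The block below is an added example, not auth0's code; it places the block-list sanitizer next to an allow-list one that redacts by default and matches names case-insensitively. The safe-key sets and the sample request are constructed for the example.

```python
import copy
import json

# Incomplete block list of the kind the advisory describes: "Authorization" is not on it.
SENSITIVE_KEYS_BLOCKLIST = {"password", "client_secret"}

# Constructed allow lists: names that carry no secrets. Everything else is redacted.
SAFE_HEADERS = {"content-type", "accept", "user-agent", "host"}
SAFE_BODY_FIELDS = {"client_id", "grant_type", "audience"}

REDACTED = "[REDACTED]"


def sanitize_blocklist(request: dict) -> dict:
    """Vulnerable pattern: only listed key names are removed. A secret under an unlisted
    name, or under a different spelling, survives into the error object."""
    out = copy.deepcopy(request)
    for section in ("headers", "body"):
        for key in list(out.get(section, {})):
            if key in SENSITIVE_KEYS_BLOCKLIST:
                out[section][key] = REDACTED
    return out


def sanitize_allowlist(request: dict) -> dict:
    """Hardened pattern: redact by default, keep only names known to be harmless,
    compared case-insensitively so Authorization/authorization/AUTHORIZATION all match."""
    out = {"method": request.get("method"), "url": request.get("url"), "headers": {}, "body": {}}
    for key, value in request.get("headers", {}).items():
        out["headers"][key] = value if key.lower() in SAFE_HEADERS else REDACTED
    for key, value in request.get("body", {}).items():
        out["body"][key] = value if key.lower() in SAFE_BODY_FIELDS else REDACTED
    return out


def build_error(status: int, message: str, request: dict, sanitizer=sanitize_allowlist) -> dict:
    """Error object handed back to callers; embeds the sanitized request for debugging."""
    return {"statusCode": status, "message": message, "originalRequest": sanitizer(request)}


def leaks_secret(error: dict, secret: str) -> bool:
    """True if the secret string appears anywhere in the serialised error object."""
    return secret in json.dumps(error)


# Constructed failing management-API request; the token and secret are placeholders.
SAMPLE_REQUEST = {
    "method": "GET",
    "url": "https://tenant.example/api/v2/users",
    "headers": {"Authorization": "Bearer eyJ-constructed-token", "Content-Type": "application/json"},
    "body": {"client_id": "abc", "client_secret": "s3cr3t-constructed"},
}

if __name__ == "__main__":
    for sanitizer in (sanitize_blocklist, sanitize_allowlist):
        err = build_error(401, "Unauthorized", SAMPLE_REQUEST, sanitizer)
        print(sanitizer.__name__, "leaks bearer token:", leaks_secret(err, "eyJ-constructed-token"))
```

`leaks_secret` is the check worth keeping in a test suite: serialise whatever object you log or return and assert the credential string is absent, rather than asserting that a particular key was removed.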
CVE-2019-18248
BIOTRONIK CardioMessenger II: the affected products transmit credentials in clear text before switching to an encrypted communication channel. An attacker can disclose the product's client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
Design/Logic Flaw
BIOTRONIK CardioMessenger II: the affected products transmit credentials in clear text before switching to an encrypted communication channel. An attacker can disclose the product's client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...