43 matches found

Fedora
added 2026/05/26 12:56 a.m., 7 views

[SECURITY] Fedora 44 Update: tor-0.4.9.8-1.fc44

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

9.1 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 0
EUVD
added 2026/04/08 12:30 a.m., 1 view

EUVD-2025-209288

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 0, References: 3
NVD
added 2026/04/07 11:16 p.m., 3 views

CVE-2025-20628

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 0.00059 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/04/07 10:33 p.m., 12 views

CVE-2025-20628 Insufficient granularity of access control for Remote Connector Servers in client mode

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 0.00059 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/04/07 10:33 p.m., 2 views

CVE-2025-20628 Insufficient granularity of access control for Remote Connector Servers in client mode

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 0, References: 2
CVE
added 2026/04/07 10:33 p.m., 4 views

CVE-2025-20628

CVE-2025-20628 affects PingIDM (formerly ForgeRock Identity Management). The issue is an insufficient granularity of access control for remote connector servers (RCS) running in client mode, allowing a spoofed client-mode RCS to intercept or modify an identity’s security-relevant properties (e.g....

9.1 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/07 12:00 a.m., 1 view

PT-2026-31046

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 11:17 a.m., 1 view

CVE-2021-0466

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.5 CVSS, 6.3 AI score, 0.00576 EPSS
Exploits: 0, References: 1
Elastic
added 2025/05/06 4:33 p.m., 6 views

Logstash 8.17.6, 8.18.1, and 9.0.1 Security Update (ESA-2025-08)

Logstash Improper Certificate Validation in TCP output (ESA-2025-08): Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode = full was set...

6.5 CVSS, 6.8 AI score, 0.0009 EPSS
Exploits: 0
SUSE CVE
added 2024/12/12 6:58 a.m., 2 views

SUSE CVE-2024-53862

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

7.5 CVSS, 7.1 AI score, 0.00321 EPSS
Exploits: 1, References: 3
OSV
added 2024/12/02 10:17 p.m., 15 views

GHSA-H36C-M3RF-34H9 Access to Archived Argo Workflows with Fake Token in `client` mode

Summary When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name When using --auth-mode=sso, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint:...

6.3 CVSS, 5.3 AI score, 0.00321 EPSS
Exploits: 1, References: 4
OSV
added 2024/12/02 8:06 p.m., 19 views

GO-2024-3303 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows

Argo Workflows Allows Access to Archived Workflows with Fake Token in client mode in github.com/argoproj/argo-workflows...

7.5 CVSS, 5.1 AI score, 0.00321 EPSS
Exploits: 1, References: 3
Cvelist
added 2024/12/02 4:08 p.m., 20 views

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

6.3 CVSS, 0.00321 EPSS
Exploits: 1, References: 2
OSV
added 2024/12/02 4:08 p.m., 2 views

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

6.3 CVSS, 7 AI score, 0.00321 EPSS
Exploits: 1, References: 4
OSV
added 2023/08/14 9:15 p.m., 1 view

CVE-2023-20965

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8 CVSS, 6 AI score
Exploits: 0, References: 4
Positive Technologies
added 2023/08/14 12:00 a.m., 2 views

PT-2023-17752 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided in the input descriptions. Description: In the processMessageImpl function of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the...

9.8 CVSS, 7.1 AI score, 0.01509 EPSS
Exploits: 0, References: 8
Positive Technologies
added 2023/05/25 12:00 a.m., 2 views

PT-2023-24209 · Ntpd-Rs · Ntpd-Rs

Name of the Vulnerable Software and Affected Versions: ntpd-rs versions prior to 0.3.3 Description: ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter tha...

7.5 CVSS, 7.4 AI score, 0.00494 EPSS
Exploits: 0, References: 8
NVD
added 2023/05/10 2:15 p.m., 10 views

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2 CVSS, 8.2 AI score, 0.01091 EPSS
Exploits: 0, References: 4
Cvelist
added 2023/05/10 12:00 a.m., 9 views

CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2 CVSS, 8.3 AI score, 0.01091 EPSS
Exploits: 0, References: 4
OSV
added 2023/05/10 12:00 a.m., 12 views

CVE-2023-25568 Boxo bitswap/server: DOS unbounded persistent memory leak

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2 CVSS, 7.7 AI score, 0.01091 EPSS
Exploits: 0, References: 6