GHSA-48MH-J4P5-7J9V Parse Server missing audience validation in Keycloak authentication adapter
Impact The Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token issued by the same Keycloak realm for a different client application can be used to authenticate as any user on the Parse...
Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
Summary The server certificate was not verified when an Arc agent connected to a Guardian or CMC. Impact A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and...
GHSA-H956-RH7X-PPGJ RustFS has a gRPC Hardcoded Token Authentication Bypass
Vulnerability Overview Description RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is: 1. Publicly exposed in the source code repository 2. Hardcoded on both client and server sides 3. Non-configurable with no mechanism for token rotation 4. Universally vali...
EUVD-2020-26594
Malware in sbrugna...
EUVD-2015-7904
Malware in sbrugna...
EUVD-2020-29878
Malware in sbrugna...
EUVD-2021-10817
Malware in sbrugna...
EUVD-2016-1693
Malware in sbrugna...
CVE-2021-23891
Privilege Escalation vulnerability in McAfee Total Protection MTP prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense...
ROS-20250430-08
A vulnerability in Nomad Application Orchestrator involves the insertion of sensitive information into a log file. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a client's secret client token...
Linux Distros Unpatched Vulnerability : CVE-2023-38315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a trytoauthenticate NULL pointer dereference that can be triggered with a crafte...
CVE-2024-13513
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's...
GO-2024-3113 Vault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault
Vault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault...
CVE-2024-32981
| creationtimestamp | type | source |
|---|---|---|
| 2024-07-17 23:14:43+00:00 | seen | https://t.me/cvedetector/1125... |
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
Null pointer dereference
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
UBUNTU-CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
PT-2023-26359 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 4.17.0.12 Description: The issue allows remote attackers to cause a denial of service through a GET request to "/opennds auth/" that lacks a custom query string parameter and client-token, resulting in a NULL pointer...
UBUNTU-CVE-2023-38315
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a trytoauthenticate NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service)...
SUSE CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...