PT-2023-5097 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: The issue is related to the improper implementation of security checks for standard elements in Keycloak, a software tool for identity and access management. This can allow a remote attack...
Squarephish - An advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes
SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks.
TokenTactics - Azure JWT Token Manipulation Toolset
Azure JSON Web Token ("JWT") Manipulation Toolset. Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code, even if they used multi-factor authentication. Once you have a user's access token, it may be possible to access certain apps such as...
Vulnerability in the tiff12_print_page() function (device/gdevtfnx.c) of Ghostscript, a software suite for processing, converting, and generating documents, allowing an attacker to trigger a service failure
The vulnerability in the tiff12_print_page() function (device/gdevtfnx.c) of Ghostscript, a software suite for processing, converting, and generating documents, is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...