Apache Superset 跨站请求伪造漏洞

A cross-site request forgery vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from the failure of two legacy REST APIs for granting and requesting access to properly validate user input, which could be...

FreeBSD : FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys (eda151d8-4638-11e1-9f47-00e0815b8da8)

The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pamssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providi...