14 matches found
Malicious code in @idps/contrib-client (npm)
Source: ghsa-malware (1b812aaf7e12bd61301969890faac8bcd578104dec35d8c53abfd520ab05c4c8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-11217
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug or higher for OIDC/GitHub/GitLab/Google IDPs login options...
CVE-2024-11217
CVE-2024-11217 affects the OAuth-server (including oauth-server-container). The vulnerability causes the OAuth2 client secret to be logged when the logLevel is set to Debug or higher for OIDC/GitHub/GitLab/Google IDP logins. Impact is exposure of OAuth2 client secrets via logs (confidentiality ri...
CVE-2024-11217 Oauth-server-container: oauth-server-container logs client secret in debug level
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug or higher for OIDC/GitHub/GitLab/Google IDPs login options...
CVE-2024-11217 Oauth-server-container: oauth-server-container logs client secret in debug level
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug or higher for OIDC/GitHub/GitLab/Google IDPs login options...
CVE-2024-11217
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug or higher for OIDC/GitHub/GitLab/Google IDPs login options...
OpenSearch has time discrepancy in authentication responses
Impact: There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches: OpenSearch 1.3.9...
PYSEC-2022-206
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
Minio Access Control Error Vulnerability
MinIO is an open source object storage server from the US-based company MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. An access control error vulnerability exists in Minio 0.12.2 and prior versions, which stems from an...
Why Stand-Alone IDPS Matters More Than Ever, and the 2018 Gartner Magic Quadrant
First, What is IDPS and Why Do We Care? Intrusion Prevention Systems (IPS) emerged as an improvement on Intrusion Detection Systems (IDS). IDS are out-of-band collectors of network traffic that analyze the information and provide alerts. The “eureka” of IPS was that instead of just alerting, why not...
MorphAES - IDPS & SandBox & AntiVirus STEALTH KILLER
MorphAES is the world's first polymorphic shellcode/malware engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS. It's cross-platform as well and library-independent. Properties: Polymorphism AES encryption Metamorphism logic and constant...
IDPS SandBox AntiVirus Stealth Killer: MorphAES
MorphAES is the world’s first polymorphic shellcode/malware engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS. It’s cross-platform as well and library-independent. Properties: Polymorphism AES...
CVE-2006-7053
The CVE-2006-7053 entry concerns Arkoon FAST360 UTM appliances (versions 3.0 through 3.0/29, 3.1, 3.2, 3.3). The vulnerability allows remote attackers to bypass keyword filtering in the FAST HTTP module and bypass signatures in the IDPS HTTP module by sending crafted URLs that are misinterpreted....
CVE-2006-7053
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."...