64 matches found
Local Incus UI web server vulnerable to nuthentication bypass
Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...
CVE-2026-33898
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...
EUVD-2020-21265
Malware in sbrugna...
EUVD-2007-0110
Malware in sbrugna...
EUVD-2012-4398
Malware in sbrugna...
CVE-2022-46829
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...
Error: "SR BACKEND FAILURE 181" in XenServer
After installation or upgrade to XenServer 6.0, user experiences issues with any storage related operations. The following error message appears: “SRBACKENDFAILURE181 Error In metadata Volume Operation For SR.” The following entries appears in the log /var/log/SMlog file: Error code:...
Mio Security Breach
Mio is the Metal I/O library for Rust. A security vulnerability exists in Mio versions v0.7.2 through prior to v0.8.11, which stems from the return of invalid tokens under certain circumstances, potentially leading to reuse after release...
CVE-2023-38367
IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...
CVE-2023-38367 IBM Cloud Pak for Automation authentication bypass
IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...
PT-2024-12715 · Ibm · Ibm Cloud Pak Foundational Services Identity Provider
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak Foundational Services Identity Provider idP API versions 18.0.0 through 22.0.2 Description: The issue allows an unauthenticated attacker to perform CRUD operations using an invalid token, potentially enabling them to view, updat...
SUSE CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
UBUNTU-CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from the fact that if a client sends an invalid mechanical token in a session setup request, ksmbd validates it a...
PT-2024-2003 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel ksmbd affected versions not specified Description: The issue is related to the incorrect handling of authentication tokens in the smb2 sess setup function within the Linux kernel's ksmbd server. This can potentially allow an...
Deposit will always revert when depositing ETH if one of the GeVault tokens is not WETH
Lines of code Vulnerability details Impact When a user deposits funds, the deposit function requires an argument namely, the address of the token with which to fund the transaction. If the GeVault has two tokens of for example: USDC/DAI. Line 251 expects the function argument to be the address of...
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
...
xml-rs vulnerable to denial of service via invalid token in XML document
The xml-rs crate = 0.8.9 and 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
UBUNTU-CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...