[SECURITY] Fedora 44 Update: python-msal-1.36.0-1.fc44

The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities Azure AD, Microsoft Accounts and Azure AD B2C accounts and obtain tokens to call Microsoft APIs such as Microsof...

[SECURITY] Fedora 43 Update: python-msal-1.36.0-1.fc43

The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities Azure AD, Microsoft Accounts and Azure AD B2C accounts and obtain tokens to call Microsoft APIs such as Microsof...

CLEANSTART-2026-DY37532 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Security vulnerability affects the cortex-fips package. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

Security Bulletin: A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-27086)

Summary A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation for authentication processing. This bulletin identifies the security fixes to apply to...

Microsoft NTLM 安全漏洞

Microsoft NTLM is a Microsoft authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to perform spoofing attacks. The following...

Microsoft NTLM 安全漏洞

Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM that originates from an attacker exploiting the vulnerability to perform a spoofing...

EUVD-2019-10044

Malware in sbrugna...

EUVD-2024-2098

Malicious code in bioql PyPI...

Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication

Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with…...

Microsoft NTLM 授权问题漏洞

Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. An authorization problem vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to elevate privileges. The...

CVE-2019-1487

An information disclosure vulnerability in Android Apps using Microsoft Authentication Library MSAL 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'...

Microsoft NTLM 安全漏洞

Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to perform spoofing attacks. The followin...

CVE-2025-21369

CVE-2025-21369 is listed by the NCSC advisory as a vulnerability in Microsoft Windows’ Digest Authentication that enables executing arbitrary code. The advisory attributes an overall high severity (CVSS v3.1 base 8.80) with a network attack vector and impact. The connected document confirms the v...

Malicious code in microsoft-authentication-libraries-for-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f75669d6664923be2d575d6ea6dd476150b546b8a89bf1af9ee6fd470045b85f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1149 Malicious code in microsoft-authentication-libraries-for-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f75669d6664923be2d575d6ea6dd476150b546b8a89bf1af9ee6fd470045b85f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft NTLM 安全漏洞

Microsoft NTLM is a Microsoft USA authentication protocol used on networks including systems running the Windows operating system as well as standalone systems. A security vulnerability exists in Microsoft NTLM. An attacker could exploit the vulnerability to elevate privileges. The following...

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains TLDs has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didnt exist at the time. Meaning, they are continuously sending their Windows usernam...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js (CVE-2024-35255, CVE-2024-37168)

Summary IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

CVE-2024-35255

A flaw was found in Microsoft's Azure Identity Libraries and the Microsoft Authentication Library MSAL. The flaw arises from a race condition—a scenario where the timing of events leads to unexpected behavior—during concurrent operations on shared resources. This can result in privilege escalatio...

GHSA-RVJ4-Q8Q5-8GRF ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Impact There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References - CVE-2024-35255 Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 Workarounds...