23 matches found
Astra Linux - уязвимость в inetutils
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
Exploit for CVE-2026-28372
CVE-2026-28372 — GNU inetutils telnetd Privilege Escalation Po...
Exploit for CVE-2026-28372
CVE-2026-28372 — GNU inetutils telnetd Privilege Escalation Po...
EUVD-2026-9000
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
UBUNTU-CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
CVE-2026-28372 affects telnetd in GNU inetutils up to version 2.7. The root cause is that login(1) in util-linux 2.40 added systemd service credentials support, enabling a local unprivileged user to influence the CREDENTIALS_DIRECTORY environment variable and create a login.noauth file, which can...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
PT-2026-22300
Name of the Vulnerable Software and Affected Versions GNU inetutils versions through 2.7 Description A privilege escalation issue exists in telnetd within GNU inetutils. The issue stems from improper handling of the CREDENTIALS DIRECTORY environment variable, introduced with systemd service...
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service SaaS applications. Identity security company Semperis, in an analysis of 104 SaaS applications,...
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
GHSA-5G66-628F-7CVJ Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
CVE-2024-21632
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...