23 matches found
EUVD-2021-19524
Malware in sbrugna...
EUVD-2021-15796
Malware in sbrugna...
EUVD-2022-4977
Malicious code in bioql PyPI...
Exploit for CVE-2024-9014
CVE-2024-9014 - pgAdmin 4 OAuth2 Authentication Bypass Exploit...
TencentOS Server 4: lemonldap-ng (TSSA-2024:0991)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0991 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2021-43203
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly...
CVE-2021-32753
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is...
CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...
UBUNTU-CVE-2024-45160
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty clientpassword parameter client secret...
PT-2024-6396
Name of the Vulnerable Software and Affected Versions: pgAdmin versions 8.11 and earlier. Description: The issue is related to a security flaw in OAuth2 authentication, allowing an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. The vulnerability...
CVE-2024-38351 Password auth and OAuth2 unverified email linking
Pocketbase is an open source web backend written in Go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited, users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
Updated dovecot packages fix security vulnerabilities
Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension (CVE-2020-28200). Dovecot before 2.3.15 allows ../ Path Traversal. An...
JetBrains Ktor Licensing Issue Vulnerability
JetBrains Ktor is a web application framework from JetBrains (Czech Republic). An authorization issue vulnerability exists in JetBrains Ktor prior to 1.6.4, which stems from improper implementation of nonce verification in the OAuth2 authentication process. No detailed vulnerability details are...
openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:1225-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1225-1 advisory. - The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular...
CVE-2021-32753 Weak password in API gateway in EdgeX Foundry Edinburgh, Fuji, Geneva, and Hanoi releases allows remote attackers to obtain authentication token via dictionary-based password attack when OAuth2 authentication method is enabled.
CVE-2021-29157
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...
SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2021:2122-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2122-1 advisory. - Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication...