43 matches found
EUVD-2020-0119
Malware in sbrugna...
Session Fixation
org.jenkins-ci.plugins, oic-auth is vulnerable to Session Fixation. The vulnerability is due to the plugin failing to invalidate the previous session on login, allowing an attacker to reuse an old session...
OPENSUSE-SU-2024:14150-1 python310-oic-1.5.0-1.8 on GA media
These are all security issues fixed in the python310-oic-1.5.0-1.8 package on the GA media of openSUSE Tumbleweed...
Cleartext Storage Of Sensitive Information
oic-auth is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to the password of a local user account being stored in plain text. This password is used as an anti-lockout feature. An attacker with access to the Jenkins controller file system can recover this password and like...
OIC Exponent CMS SQL Injection Vulnerability
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. An SQL injection vulnerability exists in OIC Exponent CMS...
OIC Exponent CMS File Upload Vulnerability
OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing, etc. Exponent CMS has a file upload vulnerability that stems from the application's...
OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33602)
OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. Exponent CMS has a cross-site scripting vulnerability, which...
OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33604)
OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. OIC Exponent CMS has a cross-site scripting vulnerability,...
OIC Exponent CMS Cross-Site Scripting Vulnerability
OIC Exponent CMS is a free, open source PHP-based modular content management system CMS from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. OIC Exponent CMS has a cross-site scripting vulnerability,...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02002)
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02030)
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02003)
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02029)
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
Multiple cryptographic issues in Python oic
Impact: Client implementations using this library. Issues: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA none algorithm was allowed in all flows. 3) oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...
candig-ingest (>=1.3.1 <=1.5.0), candig-server (>=1.0.2 <=1.4.0) +18 more potentially affected by CVE-2020-26244 via oic (>=0.11.0.1 <=1.1.2)
oic PYPI version =0.11.0.1, =1.3.1, =1.0.2, =0.1.0, =0.0.24, =0.0.1, =0.0.4, =1.0.1, =1.0.0, =1.0.0, =0.2.0, =0.1.101, =2.1.1, =1.0.0, =0.0.10, =0.0.11, =0.0.21 and more Source cves: CVE-2020-26244 Source advisory: OSV:GHSA-4FJV-PMHG-3RFG...
GHSA-4FJV-PMHG-3RFG Multiple cryptographic issues in Python oic
Impact: Client implementations using this library. Issues: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA none algorithm was allowed in all flows. 3) oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...
Cipher Downgrade Attack
oic is vulnerable to cipher downgrade attacks. The vulnerability exists as the IdToken signature algorithm is not checked automatically, and that the JWA none algorithm is always allowed, and that the IdToken returned from oic.consumer.Consumer.parseauthz is not verified, and the iat claim is not...
CVE-2020-26244
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected...
CVE-2020-26244
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected...
candig-ingest (>=1.3.1 <=1.5.0), candig-server (>=1.0.2 <=1.4.0) +18 more potentially affected by CVE-2020-26244 via oic (>=0.11.0.1 <=1.1.2)
oic PYPI version =0.11.0.1, =1.3.1, =1.0.2, =0.1.0, =0.0.24, =0.0.1, =0.0.4, =1.0.1, =1.0.0, =1.0.0, =0.2.0, =0.1.101, =2.1.1, =1.0.0, =0.0.10, =0.0.11, =0.0.21 and more Source cves: CVE-2020-26244 Source advisory: OSV:PYSEC-2020-69...