Azure Linux 3.0 Security Update: cjose (CVE-2023-37464)

The version of cjose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37464 advisory. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM...

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2023-6296:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6296:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding...

MiracleLinux 7 : mod_auth_openidc-1.8.8-7.el7 (AXSA:2020-741:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-741:01 advisory. modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 modauthopenidc: Open redirect issue exists in URLs wi...

MiracleLinux 9 : mod_auth_openidc-2.4.10-1.el9_6.2 (AXSA:2025-10555:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10555:02 advisory. modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled CVE-2025-3891 Tenable has extracted the preceding description block...

SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2025:4532-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4532-1 advisory. - Update to 2.4.17.1 bsc1248806 / PED-14130. - Remove many patches, as they've been merged upstream. Tenable has...

SUSE-SU-2025:4532-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - Update to 2.4.17.1 bsc1248806 / PED-14130. - Remove many patches, as they've been merged upstream...

TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2024:0762)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0762 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2023:0203)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0203 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

EUVD-2023-41362

Malicious code in bioql PyPI...

Fedora 41 : mod_auth_openidc (2025-be0c6f25ce)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-be0c6f25ce advisory. Rebase to new version resolves CVE-2025-31492 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Linux Distros Unpatched Vulnerability : CVE-2022-23527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open...

Linux Distros Unpatched Vulnerability : CVE-2023-37464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from...

SUSE: Security Advisory (SUSE-SU-2025:01962-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2025:01962-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled bsc1242015...

Alibaba Cloud Linux 3 : 0091: mod_auth_openidc:2.3 (ALINUX3-SA-2023:0091)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-37464: OpenIDC/cjose is a C library...

Debian: Security Advisory (DSA-5917-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-4155-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dsa-5917 : libapache2-mod-auth-openidc - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5917 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz...

[SECURITY] [DSA 5917-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2025 https://www.debian.org/security/faq -...

[SECURITY] [DLA 4155-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4155-1 [email protected] https://www.debian.org/lts/security/ Moritz Schlarb May 08, 2025 https://wiki.debian.org/LTS -...