EUVD-2022-6610

Malicious code in bioql PyPI...

EUVD-2023-27049

Malicious code in bioql PyPI...

EUVD-2023-32151

Malicious code in bioql PyPI...

EUVD-2023-28156

Malicious code in bioql PyPI...

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nulloksecure configuration. Thi...

Debian dsa-5853 : libpam-u2f - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5853 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5853-1 [email protected] https://www.debian.org/security/...

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

Code injection

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...

CVE-2023-22948

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...

PT-2023-18790 · Tigergraph · Tigergraph Enterprise Free Edition

Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: The issue allows for unsecured read access to an SSH private key. Any code running as the tigergraph user can read the SSH private key, granting an attacker password-less SSH access...

Apple announces 3 new security features

Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023...

GHSA-QPQ9-JPV4-6GWR Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

CVE-2021-3632

CVE-2021-3632 is a Keycloak/WebAuthn flow flaw that allows an attacker to register a new security device or key for any user when no device exists for that user. The issue is present in Red Hat SSO 7.x as part of the 7.4.9 security updates; Red Hat advisories RHSA-2021:3527/3528/3529 list the fix...

Microsoft makes a bold move towards a password-less future

In a recent blog Microsoft announced that as of September 15, 2021 you can completely remove the password from your Microsoft account and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to Microsoft apps and service...

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nulloksecure configuration. Thi...

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nulloksecure configuration. Thi...