
4 matches found

Veracode
added 2026/05/15 9:8 a.m. | 4 views

Improper Authentication

auth is vulnerable to Improper Authentication. The vulnerability is due to incorrect mapping of all Patreon OAuth accounts to the same local user ID, which allows an attacker to gain unauthorized access through account merging and privilege confusion...

CVSS 9.1 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 6 | Affected Software 1
RedhatCVE
added 2026/05/11 8:25 p.m. | 4 views

CVE-2026-42560

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...

CVSS 9.1 | AI score 5.7 | EPSS 0.0003
Exploits 0 | References 1
CVE
added 2026/05/09 4:15 a.m. | 11 views

CVE-2026-42560

The CVE describes a vulnerability in the Patreon OAuth provider used by github.com/go-pkgz/auth, where the mapUser logic computes a local user ID from an uninitialized field, causing every Patreon-authenticated user to share the same local identity. The GHSA advisory details show the code path wh...

CVSS 9.1 | AI score 5.7 | EPSS 0.0003
Exploits 0 | References 4
Tenable Nessus
added 2005/09/06 12:0 a.m. | 24 views

Debian DSA-801-1 : ntp - programming error

SuSE developers discovered that ntp confuses the given group id with the group id of the given user when called with a group id on the command line that is specified as a string and not as a numeric gid, which causes ntpd to run with different privileges than intended. ...

CVSS 4.6 | AI score 5.4 | EPSS 0.00088
Exploits 0 | References 2