37 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-0039

Malware in sbrugna...

CVSS 5.8 | AI score 6 | EPSS 0.00432
Exploits: 0 | References: 15

SUSE CVE
added 2023/02/15 5:36 a.m. | 1 views

SUSE CVE-2013-4347

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVSS 5.8 | AI score 6.5 | EPSS 0.00432
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/17 3:46 a.m. | 11 views

SimpleGeo python-oauth2 does not check the nonce allowing replay attacks

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The vulnerability does not appear to be patched according to the following discussion...

CVSS 4.3 | AI score 6.7 | EPSS 0.005
Exploits: 0 | References: 10 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:46 a.m. | 19 views

SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVSS 5.8 | AI score 6.8 | EPSS 0.00432
Exploits: 0 | References: 12 | Affected Software: 1

OpenVAS
added 2022/01/28 12:0 a.m. | 9 views

Mageia: Security Advisory (MGASA-2013-0314)

The remote host is missing an update for the...

CVSS 5.8 | AI score 6.7 | EPSS 0.00432
Exploits: 0 | References: 3

Veracode
added 2019/05/02 5:42 a.m. | 16 views

Privilege Escalation

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...

CVSS 6 | AI score 5.4 | EPSS 0.0057
Exploits: 1 | References: 18 | Affected Software: 181

Veracode
added 2019/05/02 5:42 a.m. | 18 views

Cross-Site Scripting (XSS)

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...

CVSS 6 | AI score 5.4 | EPSS 0.0057
Exploits: 1 | References: 12 | Affected Software: 181

Veracode
added 2019/01/15 9:7 a.m. | 19 views

Nonce Values Unchecked

python-oauth2 is vulnerable to replay attacks. This vulnerability is caused in the Server.verify_request function where it does not check the nonce value, allowing remote attackers to perform replay attacks through a signed URL...

CVSS 4.3 | AI score 6 | EPSS 0.005
Exploits: 0 | References: 547 | Affected Software: 164

OpenVAS
added 2015/09/08 12:0 a.m. | 16 views

Amazon Linux: Security Advisory (ALAS-2014-425)

The remote host is missing an update for the...

CVSS 5.8 | AI score 6.5 | EPSS 0.005
Exploits: 0 | References: 2

Tenable Nessus
added 2015/09/01 12:0 a.m. | 33 views

RHEL 6 : Red Hat Satellite 6.1.1 on RHEL 6 (Important) (RHSA-2015:1592)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1592 advisory. Red Hat Product Security has rated this update as having an important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 6.5 | AI score 6.2 | EPSS 0.0057
Exploits: 1 | References: 552

RedHat Linux
added 2015/08/12 5:4 a.m. | 2 views

python-oauth2: Uses poor PRNG in nonce

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 5.8 | AI score 5.7 | EPSS 0.00432
Exploits: 0 | References: 4

RedHat Linux
added 2015/08/12 4:49 a.m. | 3 views

python-oauth2: _check_signature() ignores the nonce value when validating signed urls

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 4.3 | AI score 5.8 | EPSS 0.005
Exploits: 0 | References: 4

Tenable Nessus
added 2014/11/03 12:0 a.m. | 20 views

Fedora 21 : python-oauth2-1.5.211-8.fc21 (2014-12483)

Actually apply patch to fix CVE-2013-4347 thanks to Jason Green, Matt Wilson. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block direct...

CVSS 5.8 | AI score 5.3 | EPSS 0.005
Exploits: 0 | References: 5

Fedora
added 2014/11/01 4:22 p.m. | 18 views

[SECURITY] Fedora 21 Update: python-oauth2-1.5.211-8.fc21

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

CVSS 5.8 | AI score 6.6 | EPSS 0.005
Exploits: 0

OpenVAS
added 2014/10/29 12:0 a.m. | 12 views

Fedora Update for python-oauth2 FEDORA-2014-12475

Check the version of python-oauth2...

AI score 6.3
Exploits: 0 | References: 2

Tenable Nessus
added 2014/10/29 12:0 a.m. | 17 views

Fedora 20 : python-oauth2-1.5.211-8.fc20 (2014-12475)

Actually apply patch to fix CVE-2013-4347 thanks to Jason Green, Matt Wilson. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block direct...

CVSS 5.8 | AI score 5.3 | EPSS 0.005
Exploits: 0 | References: 5

OpenVAS
added 2014/10/29 12:0 a.m. | 13 views

Fedora Update for python-oauth2 FEDORA-2014-12536

Check the version of python-oauth2...

CVSS 5.8 | AI score 6.3 | EPSS 0.00432
Exploits: 0 | References: 2

Tenable Nessus
added 2014/10/29 12:0 a.m. | 21 views

Fedora 19 : python-oauth2-1.5.211-8.fc19 (2014-12536)

Actually apply patch to fix CVE-2013-4347 thanks to Jason Green, Matt Wilson. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block direct...

CVSS 5.8 | AI score 5.3 | EPSS 0.005
Exploits: 0 | References: 5

Tenable Nessus
added 2014/10/15 12:0 a.m. | 16 views

Amazon Linux AMI : python-oauth2 (ALAS-2014-425)

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonce...

CVSS 5.8 | AI score 5.4 | EPSS 0.005
Exploits: 0 | References: 3

OpenVAS
added 2014/10/01 12:0 a.m. | 16 views

Fedora Update for python-oauth2 FEDORA-2014-10786

The remote host is missing an update for the...

AI score 6.5
Exploits: 0 | References: 2