Lucene search

21 matches found

RedhatCVE
added 2026/01/09 10:7 a.m. | 6 views

CVE-2019-20879

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry...

CVSS 4.3 | AI score 6.9 | EPSS 0.00152
Exploits: 0 | References: 1

Github Security Blog
added 2025/12/05 6:12 p.m. | 6 views

Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Summary: Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. Details: This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS...

CVSS 6.5 | AI score 7.2 | EPSS 0.00004
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/12/03 6:4 p.m. | 2 views

CVE-2025-64527 Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch...

CVSS 6.5 | AI score 7.1 | EPSS 0.00004
Exploits: 1 | References: 3

CVE
added 2025/12/03 6:4 p.m. | 12 views

CVE-2025-64527

Envoy vulnerability CVE-2025-64527: In versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier, a re-entry bug in JwksFetcherImpl triggers a crash when JWT authentication uses remote JWKS with allow_missing_or_failed and multiple tokens in headers if the JWKS fetch fails. The first token’s JWKS fet...

CVSS 6.5 | AI score 6.8 | EPSS 0.00004
Exploits: 1 | References: 1 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-44377

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.00018
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 9:51 a.m. | 4 views

CVE-2024-4784

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

CVSS 5.4 | AI score 6.6 | EPSS 0.00018
Exploits: 0

NVD
added 2024/08/08 10:15 a.m. | 16 views

CVE-2024-4784

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

CVSS 5.4 | EPSS 0.00018
Exploits: 0 | References: 2

Vulnrichment
added 2024/08/08 10:2 a.m. | 14 views

CVE-2024-4784 Authentication Bypass by Primary Weakness in GitLab

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

CVSS 4.2 | AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 2

OSV
added 2024/08/08 10:2 a.m. | 11 views

CVE-2024-4784 Authentication Bypass by Primary Weakness in GitLab

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

CVSS 4.2 | AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 5

Debian CVE
added 2024/08/08 10:2 a.m. | 14 views

CVE-2024-4784

Removed by vendor...

CVSS 5.4 | AI score 5.8 | EPSS 0.00018
Exploits: 0

Redos
added 2024/06/27 12:0 a.m. | 23 views

ROS-20240627-03

A vulnerability in the QEMU hardware emulator is related to a memory re-release error. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by performing a DMA re-entry...

CVSS 8.2 | AI score 7.4 | EPSS 0.00128
Exploits: 0

Redos
added 2024/06/26 12:0 a.m. | 20 views

ROS-20240625-04

A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the registervfs function hw/pci/pciesriov.c of the QEMU hardware emulator is related to a buffer overflo...

CVSS 6.5 | AI score 6.8 | EPSS 0.00162
Exploits: 0

Code423n4
added 2023/08/04 12:0 a.m. | 5 views

Re-entrancy in flash minting USDO can bypass max checks

Lines of code Vulnerability details Impact function flashLoan IERC3156FlashBorrower receiver, address token, uint256 amount, bytes calldata data external override notPaused returns bool // @audit re-enter and mint requiretoken == addressthis, "USDO: token not valid"; requiremaxFlashLoantoken =...

AI score 6.9
Exploits: 0

Code423n4
added 2023/07/21 12:0 a.m. | 8 views

TokenManager.sendToken/callContractWithInterchainToken/transmitInterchainTransfer require re-entry protection

Lines of code Vulnerability details Impact Anyone can deploy a TokenManagerLockUnlock for the existing ERC20 via registerCanonicalToken, and deploy the corresponding token on a target chain via deployRemoteCanonicalToken. After the TokenManagers of the two chains are created, users can transfer...

AI score 7.1
Exploits: 0

Code423n4
added 2022/06/19 12:0 a.m. | 9 views

nonReentrant modifier is not added to all functions that generate state changes, there is a possibility of re-entry.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. I noticed that the nonReentrant modifier only adds some of the functions that generate state changes to the InfinityExchange.sol contract, which provides the feasibility of reentrancy between multiple...

AI score 7
Exploits: 0

OSV
added 2021/02/20 11:5 a.m. | 1 views

OPENSUSE-SU-2021:0316-1 Security update for tor

This update for tor fixes the following issues: tor was updated to 0.4.5.6: https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html Introduce a new MetricsPort HTTP interface Support IPv6 in the torrc Address option Add event-tracing library support for USDT and LTTng-UST Tr...

AI score 6.8
Exploits: 0 | References: 2

NVD
added 2020/06/19 5:15 p.m. | 11 views

CVE-2019-20879

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry...

CVSS 4.3 | EPSS 0.00152
Exploits: 0 | References: 1

Prion
added 2020/06/19 5:15 p.m. | 10 views

Code injection

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry...

CVSS 4 | AI score 4.7 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/06/19 4:29 p.m. | 14 views

CVE-2019-20879

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry...

AI score 4.7 | EPSS 0.00152
Exploits: 0 | References: 1

UbuntuCve
added 2018/12/04 5:29 p.m. | 23 views

CVE-2018-6085

Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

CVSS 8.8 | AI score 7.6 | EPSS 0.02399
Exploits: 0 | References: 2