24 matches found
SUSE CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...
The vulnerability of the Microsoft Visual Studio Code Live Share Extension, related to the lack of data protection for service data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Visual Studio Code Live Share Extension relates to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by intercepting tokens from the client to...
Accellion kiteworks authentication bypass vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An authentication bypass vulnerability exists in versions of Accellion kiteworks prior to 2017.01.00. A remote attacker could exploit the vulnerability by...
DEBIAN-CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...