22 matches found
EUVD-2021-23559
Malware in sbrugna...
EUVD-2020-0428
Malware in sbrugna...
CVE-2021-36983
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
SUSE CVE-2021-36983
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
GHSA-65MJ-7C86-79JF Authentication Bypass in ADOdb/ADOdb
Impact: An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes. Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc. Patches...
CVE-2021-36983
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
CVE-2021-36983
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
Design/Logic Flaw
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
Sorcery Link Following Vulnerability
Sorcery is an authentication software package. A backlink vulnerability exists in play-sorcery-kms in Sorcery version 0.6.0. A local attacker can exploit this vulnerability to gain root privileges by attacking /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock via symbolic links...
CVE-2021-36983
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
CVE-2021-36983
CVE-2021-36983 affects Replay Sorcery 0.6.0, specifically the replay-sorcery-kms component. The root cause is a symlink race on the temporary paths /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock, enabling a local attacker to escalate privileges to root. Impact is described as local privil...
Improper Session Management
sorcery uses improper session management. The vulnerability allows a brute force attack to be carried out on password authentication, since the expired protection is not re-enabled after the first lockout period...
GHSA-JC8M-CXHJ-668X Improper Restriction of Excessive Authentication Attempts in Sorcery
Impact: Brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired protection will not be re-enabled until a user or malicious actor logs in successfully. This doe...
Improper Restriction of Excessive Authentication Attempts in Sorcery
Impact: Brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired protection will not be re-enabled until a user or malicious actor logs in successfully. This doe...
CVE-2020-11052
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...
CVE-2020-11052
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...
Design/Logic Flaw
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...
Authentication Bypass
Overview: sorcery is a package that provides common authentication needs such as signing in/out, activating by email and resetting password. Affected versions of this package are vulnerable to Authentication Bypass. There is a brute force vulnerability when using password authentication via Sorcer...
CVE-2020-11052
Summary: CVE-2020-11052 describes a brute-force vulnerability in Sorcery prior to 0.15.0 related to password authentication. The built-in brute-force protection submodule would block attempts for a defined lockout period, but after expiry the protection is not re-enabled automatically unless a su...
CVE-2020-11052 Improper Restriction of Excessive Authentication Attempts in Sorcery
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...