25 matches found
CVE-2026-5622
A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...
CVE-2026-5622
CVE-2026-5622 affects hcengineering Huly Platform 0.7.382. The vulnerability concerns the JWT Token Handler component, specifically foundations/core/packages/token/src/token.ts, where manipulating SERVER_SECRET with the input secret leads to the use of a hard-coded cryptographic key. The issue ca...
fence-agents security update
4.2.1-129.20 - bundled urllib3: fix CVE-2025-66471 - bundled urllib3: fix CVE-2026-21441 Resolves: RHEL-139756, RHEL-140783 4.2.1-129.17 - bundled urllib3: fix CVE-2025-66418 Resolves: RHEL-136027 4.2.1-129.16 - fencenutanixahv: new fence agent Resolves: RHEL-110964 4.2.1-129.15 - fencekubevirt:...
CVE-2025-10937
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
EUVD-2025-35720
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937
CVE-2025-10937 concerns Oxford Nanopore MinKNOW (versions up to 24.11). The DoS arises from how a local authentication token is written to a temporary file, created in /tmp and world-accessible, allowing an unauthenticated local user/process to place a file lock (flock) on the token file, prevent...
CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
PT-2025-42400
Name of the Vulnerable Software and Affected Versions YAML::Syck versions before 1.36 Description YAML::Syck, a Perl module, contains a flaw due to missing null terminators in the token.c file. This can lead to an out-of-bounds read, potentially resulting in information disclosure. The issue is...
Linux Distros Unpatched Vulnerability : CVE-2023-30402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm- token.re. Note: This has been disputed by third parties who...
AZL-45396 CVE-2023-39070 affecting package cppcheck for versions less than 2.18.3-1
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the handledotlabel function at /nasm/nasm-token.re. Remediation There is no fixed version for yasm. References - GitHub Issue Credit: randomssr...
CVE-2023-30402
YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
AZL-26359 CVE-2023-30402 affecting package yasm 1.3.0-17
YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
PT-2022-22004 · I3Geo · I3Geo
Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered via the request token.php file, which suggests it may be related to the...
PT-2022-22003 · Unknown · Portal Do Software Publico Brasileiro I3Geo
Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered via the access token.php file. Cross-site scripting XSS is a type of...
resource-agents bug fix and enhancement update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...
ALBA-2022:0347 resource-agents bug fix and enhancement update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...
resource-agents bug fix and enhancement update
An update is available for resource-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...