Lucene search

24 matches found

RedhatCVE
added 2026/01/09 10:39 a.m., 6 views

CVE-2022-35228

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00462
Exploits: 0, References: 1
EUVD
added 2025/11/12 6:57 p.m., 2 views

EUVD-2025-131956

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the id_token or ...

CVSS: 9.3, AI score: 6.3, EPSS: 0.00288
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-7802

Malware in sbrugna...

CVSS: 9.8, AI score: 9.2, EPSS: 0.01304
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-38120

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00462
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 8:3 a.m., 6 views

CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01677
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:43 a.m., 4 views

CVE-2019-17398

In the Dark Horse Comics application 1.3.21 for Android, token information equivalent to the username and password is stored in the log during authentication, and may be available to attackers via logcat...

CVSS: 9.8, AI score: 6.5, EPSS: 0.01304
Exploits: 1, References: 1
CNVD
added 2024/08/06 12:0 a.m., 6 views

Apache Linkis Elevation of Privilege Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An elevation of privilege vulnerability exists in Apache Linkis, which can be exploited by an attacker to gain...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00664
Exploits: 0, References: 1
Veracode
added 2024/08/05 6:13 a.m., 12 views

Improper Privilege Management

org.apache.linkis: linkis-common is vulnerable to Improper Privilege Management. The vulnerability is due to incorrect handling of permissions for Critical Resources. An attacker with a trusted account can gain unauthorized access to the Token information and escalate privileges...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00664
Exploits: 0
OSV
added 2024/08/02 12:31 p.m., 13 views

GHSA-V352-RG37-5Q5M Apache Linkis vulnerable to privilege escalation

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

CVSS: 7.1, AI score: 8.6, EPSS: 0.00664
Exploits: 0, References: 4
OSV
added 2024/08/02 10:15 a.m., 3 views

CVE-2024-27181

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

CVSS: 8.8, AI score: 7
Exploits: 0, References: 2
NVD
added 2024/08/02 10:15 a.m., 14 views

CVE-2024-27181

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

CVSS: 8.8, EPSS: 0.00664
Exploits: 0, References: 2
CVE
added 2024/08/02 9:27 a.m., 49 views

CVE-2024-27181

CVE-2024-27181 affects Apache Linkis prior to 1.6.0. The issue is privilege escalation in the Basic management services where an attacker with a trusted account can access Linkis token information, elevating privileges. The root cause is elevation of privilege through trusted-account access to se...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00664
Exploits: 0, References: 2, Affected Software: 1
Microsoft CVE
added 2024/06/30 2:0 p.m., 2 views

Opensc: memory use after free in authentic driver when updating token info

...

CVSS: 3.4, AI score: 6, EPSS: 0.00422
Exploits: 0
OSV
added 2022/07/20 2:15 a.m., 2 views

CVE-2022-32961

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code,...

CVSS: 6.8, AI score: 6.4
Exploits: 0, References: 1
NVD
added 2022/07/20 2:15 a.m., 10 views

CVE-2022-32961

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code,...

CVSS: 6.8, EPSS: 0.00216
Exploits: 0, References: 1
CVE
added 2022/07/20 2:3 a.m., 63 views

CVE-2022-32961

CVE-2022-32961 concerns HICOS’ client-side citizen digital certificate component, which has a stack-based buffer overflow when reading an IC card due to insufficient validation of token information parameter length. The vulnerability can be exploited by an unauthenticated, physical attacker to ex...

CVSS: 6.8, AI score: 7, EPSS: 0.00216
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2022/07/12 9:15 p.m., 1 views

CVE-2022-35228

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00462
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2022/07/12 9:15 p.m., 1 views

CVE-2022-35228

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...

CVSS: 8.8, AI score: 5.8
Exploits: 0, References: 2
NVD
added 2022/07/12 9:15 p.m., 18 views

CVE-2022-35228

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...

CVSS: 8.8, EPSS: 0.00462
Exploits: 0, References: 2
CVE
added 2022/07/12 8:28 p.m., 74 views

CVE-2022-35228

SAP BusinessObjects Central Management Console (CMC) is affected by CVE-2022-35228. The issue allows an unauthenticated attacker to retrieve token information over the network under conditions where a legitimate user accesses the application and a local compromise (e.g., sniffing or social engine...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00462
Exploits: 0, References: 2, Affected Software: 1