108 matches found
PT-2024-5522 · Unknown · Exacqvision Web Service
Name of the Vulnerable Software and Affected Versions: exacqVision Web Service (affected versions not specified). Description: The issue is related to the exposure of authentication token details within communications under certain circumstances. This can occur when the exacqVision Web Service handl...
Authentication Bypass
namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...
YourSpotify Security Breach
YourSpotify is a self-hosted Spotify tracking dashboard. A security vulnerability exists in versions of YourSpotify prior to 1.8.0 that stems from vulnerability to NoSQL injection in the public access token processing logic, allowing an attacker to completely bypass the public token authenticatio...
PT-2024-22326 · Unknown · Yourspotify
Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.8.0. Description: The issue concerns a NoSQL injection vulnerability in the public access token processing logic. This allows attackers to bypass the public token authentication mechanism without user interactio...
Fedora: Security Advisory for dogtag-pki (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: dogtag-pki-11.5.0-3.fc40
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Dogtag PKI consists of the following components: Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status Protocol (OCSP) Manager, Token Key Service (TKS), Token...
Link - Moderately critical - Cross site scripting - SA-CONTRIB-2022-034
This module enables you to add URL fields to entity types with a variety of options. The module doesn't sufficiently filter output when token processing is disabled on an individual field. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create...
Fedora: Security Advisory for dogtag-pki (FEDORA-2021-99ca984f32)
The remote host is missing an update for the...
Fedora: Security Advisory for pki-core (FEDORA-2021-54a73a7112)
The remote host is missing an update for the...
Fedora: Security Advisory for dogtag-pki (FEDORA-2021-54a73a7112)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: pki-core-10.10.6-1.fc33
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: Automatic Certificate Management Environment (ACME) Responder, Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status...
[SECURITY] Fedora 33 Update: dogtag-pki-10.10.6-1.fc33
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: Automatic Certificate Management Environment (ACME) Responder, Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status...
[SECURITY] Fedora 34 Update: pki-core-10.10.6-1.fc34
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: Automatic Certificate Management Environment (ACME) Responder, Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status...
[SECURITY] Fedora 34 Update: dogtag-pki-10.10.6-1.fc34
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: Automatic Certificate Management Environment (ACME) Responder, Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status...
pki-core: Stored XSS in TPS profile creation
A flaw was found in the pki-core's Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a...
pki-core: unsanitized token parameters in TPS resulting in stored XSS
It was found that the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user...
pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
Cross-Site Scripting (XSS)
pki-core is vulnerable to cross-site scripting. The vulnerability exists due to the pki-core's Token Processing Service (TPS) not properly sanitizing Profile IDs...
Cross Site Scripting (XSS)
pki-core is vulnerable to cross-site scripting (XSS). The vulnerability exists because the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token...