27 matches found
EUVD-2013-1867
Malware in sbrugna...
EUVD-2022-6276
Malicious code in bioql PyPI...
EUVD-2022-6249
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2013-1864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Portable Tool Library aka PTLib before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remo...
CVE-2022-31157
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...
CVE-2022-31158
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...
CVE-2022-41596
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...
GHSA-5P73-QG2V-383H LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Impact: Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Patches: Users should upgrade to version 5.0 immediately. Workarounds: None...
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Impact: Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Patches: Users should upgrade to version 5.0 immediately. Workarounds: None...
GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Impact: The function used to generate random nonces was not sufficiently cryptographically complex. As a result, values may be predictable and tokens may be forgeable. Patches: Users should upgrade to version 5.0 immediately. Workarounds: None...
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Impact: The function used to generate random nonces was not sufficiently cryptographically complex. As a result, values may be predictable and tokens may be forgeable. Patches: Users should upgrade to version 5.0 immediately. Workarounds: None...
CVE-2022-31158
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...
CVE-2022-31157
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...
Code injection
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...
Authentication flaw
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...
CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...
CVE-2022-31157
CVE-2022-31157 concerns the packbackbooks/lti-1-3-php-library. Before version 5.0, the nonce generation function was not cryptographically strong, so tokens could potentially be predicted and forged. Affected software is the LTI 1.3 Tool Library implemented in PHP; the issue is a cr...
CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...
CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...
CVE-2022-31158
CVE-2022-31158 affects the packbackbooks/lti-1-3-php-library (LTI 1.3 Tool Library) for PHP. Prior to version 5.0, the Nonce Claim Value was not validated against the nonce in the Authentication Request, enabling a potential authentication bypass/capture-replay scenario as described by multiple s...