23 matches found

RedhatCVE
added 2025/05/22 10:9 p.m. · 5 views

CVE-2022-39339

useroidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account...

4.3 CVSS · 6.5 AI score · 0.00304 EPSS
Exploits 0 · References 1

OpenVAS
added 2024/09/10 12:0 a.m. · 8 views

Fedora: Security Advisory (FEDORA-2024-9974808629)

The remote host is missing an update for the...

9.8 CVSS · 9.6 AI score · 0.001 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/06/14 12:0 a.m. · 2 views

PT-2024-27811 · Nextcloud · Nextcloud User Oidc

Name of the Vulnerable Software and Affected Versions: Nextcloud user oidc app versions prior to 1.3.5 Nextcloud user oidc app versions prior to 2.0.0 Nextcloud user oidc app versions prior to 3.0.0 Nextcloud user oidc app versions prior to 4.0.0 Nextcloud user oidc app versions prior to 5.0.0...

5.4 CVSS · 7.1 AI score · 0.00591 EPSS
Exploits 0 · References 7

OpenVAS
added 2024/02/14 12:0 a.m. · 12 views

Fedora: Security Advisory for rust-vhost-user-backend (FEDORA-2024-f2305d485f)

The remote host is missing an update for the...

9.8 CVSS · 9.6 AI score · 0.001 EPSS
Exploits 0 · References 2

OpenVAS
added 2024/02/10 12:0 a.m. · 9 views

Fedora: Security Advisory for rust-vhost-user-backend (FEDORA-2024-04877592b7)

The remote host is missing an update for the...

9.8 CVSS · 7.8 AI score · 0.001 EPSS
Exploits 0 · References 2

vulnersOsv
added 2023/09/04 4:35 p.m. · 0 views

fuse-backend-rs (>=0.10.5 <=0.12.0), linux-loader (>=0.8.0 <=0.9.0) +6 more potentially affected by CVE-2023-41051 via vm-memory (>=0.10.0 <=0.11.0)

vm-memory CARGO version =0.10.0, =0.10.5, =0.8.0, =0.6.0, =0.8.0, =0.7.0, =0.4.0, =0.2.0, =1.5.1, =1.6.1 Source cves: CVE-2023-41051 Source advisory: OSV:GHSA-49HH-FPRX-M68G...

4.7 CVSS · 5.8 AI score · 0.00021 EPSS
Exploits 0

vulnersOsv
added 2023/09/01 12:0 p.m. · 0 views

fuse-backend-rs (>=0.10.5 <=0.12.0), linux-loader (>=0.8.0 <=0.9.0) +6 more potentially affected by CVE-2023-41051 via vm-memory (>=0.10.0 <=0.11.0)

vm-memory CARGO version =0.10.0, =0.10.5, =0.8.0, =0.6.0, =0.8.0, =0.7.0, =0.4.0, =0.2.0, =1.5.1, =1.6.1 Source cves: CVE-2023-41051 Source advisory: OSV:RUSTSEC-2023-0056...

4.7 CVSS · 5.8 AI score · 0.00021 EPSS
Exploits 0

SUSE CVE
added 2023/02/15 5:32 a.m. · 2 views

SUSE CVE-2014-0482

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors...

6 CVSS · 6.9 AI score · 0.00711 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:0 a.m. · 1 views

SUSE CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 6.5 AI score · 0.00606 EPSS
Exploits 0 · References 7

Prion
added 2022/11/25 7:15 p.m. · 11 views

Cross site scripting

useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

4.9 CVSS · 5.2 AI score · 0.00362 EPSS
Exploits 0 · References 3 · Affected Software 1

Hacker One
added 2022/08/31 1:13 p.m. · 27 views

Nextcloud: [user_oidc] Stored XSS via Authorization Endpoint - Safari-Only

Summary: The OpenID Connect User Backend allows users to login to Nextcloud using SSO. A workaround that was apparently implemented for the Safari browser enables stored Cross-Site-Scripting XSS. The vulnerability only affects user agents that include "Safari" within their user agent string and i...

4.9 CVSS · 0.3 AI score · 0.00362 EPSS
Exploits 0

Hacker One
added 2022/08/31 12:1 p.m. · 45 views

Nextcloud: [user_oidc] Unencrypted Communications

The OpenID Connect User Backend allows users to login to Nextcloud using SSO and is - according to the policy - part of the main scope of this program. The implementation supports plain HTTP without TLS and transfers sensitive information such as OIDC clientsecrets in an unencrypted manner...

4 CVSS · 0.1 AI score · 0.00304 EPSS
Exploits 0

RedHat Linux
added 2021/04/19 10:47 a.m. · 0 views

dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 7.2 AI score · 0.00606 EPSS
Exploits 0 · References 6

OSV
added 2020/05/20 2:15 p.m. · 1 views

DEBIAN-CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 7.3 AI score · 0.00606 EPSS
Exploits 0 · References 1

OSV
added 2020/05/20 2:15 p.m. · 21 views

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 6.4 AI score · 0.00606 EPSS
Exploits 0 · References 6

Prion
added 2020/05/20 2:15 p.m. · 23 views

Design/Logic Flaw

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

4 CVSS · 7.2 AI score · 0.00606 EPSS
Exploits 0 · References 6 · Affected Software 4

Cvelist
added 2020/05/20 1:16 p.m. · 26 views

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 7.4 AI score · 0.00606 EPSS
Exploits 0 · References 6

UbuntuCve
added 2020/05/18 3:0 p.m. · 28 views

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 7 AI score · 0.00606 EPSS
Exploits 0 · References 2

OSV
added 2020/05/18 3:0 p.m. · 1 views

UBUNTU-CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7 CVSS · 7 AI score · 0.00606 EPSS
Exploits 0 · References 3

seebug.org
added 2017/04/24 12:0 a.m. · 13 views

Cloudera HUE Session cookies stored in the database

User session cookies are stored in the database. Combined with the vulnerability related to configuration file which is world readable, it is possible to spoof a user across the entire cluster launching jobs and browsing the datalake, without having to crack password hashes. Cookies are stored in...

6.7 AI score
Exploits 0