11 matches found

Positive Technologies
added 2026/03/09 12:0 a.m. · 1 views

PT-2026-24137

Name of the Vulnerable Software and Affected Versions: Pocket ID versions prior to 2.4.0 Description: Pocket ID is an OIDC provider susceptible to cross-client code exchange and expired code reuse. The OIDC token endpoint incorrectly validates authorization codes, only rejecting them when both the...

CVSS 9.9 · AI score 5.8 · EPSS 0.07313
Exploits 68 · References 137

OSV
added 2022/09/28 2:15 p.m. · 0 views

UBUNTU-CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

CVSS 3.7 · AI score 6.7 · EPSS 0.00203
Exploits 0 · References 6

OSV
added 2021/08/25 7:15 p.m. · 1 views

UBUNTU-CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVSS 8.8 · AI score 5.8 · EPSS 0.00225
Exploits 0 · References 3

Positive Technologies
added 2021/08/25 12:0 a.m. · 4 views

PT-2021-6756 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 and later Description: The issue is related to the improper handling of OAuth client IDs, which causes new subscriptions to generate OAuth tokens on an incorrect OAuth client application. This can allow a remote...

CVSS 9 · AI score 8.2 · EPSS 0.00225
Exploits 0 · References 14

CNNVD
added 2021/08/04 12:0 a.m. · 2 views

GitLab Input Validation Error Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab th...

CVSS 8.8 · AI score 7.8 · EPSS 0.00225
Exploits 0 · References 4

OpenVAS
added 2021/06/09 12:0 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2016:2449-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.1 · EPSS 0.01912
Exploits 0 · References 6

Tenable Nessus
added 2016/10/05 12:0 a.m. · 53 views

SUSE SLES11 Security Update : curl (SUSE-SU-2016:2449-1)

This update for curl fixes the following issues : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-7141: Fixed incorrect reuse of client certificates bsc997420. Note that Tenable Network Security...

CVSS 7.5 · AI score 6.4 · EPSS 0.01912
Exploits 0 · References 10

Tenable Nessus
added 2016/09/19 12:0 a.m. · 25 views

SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2016:2330-1)

This update for curl fixes the following issues: Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fixe...

CVSS 8.1 · AI score 6.4 · EPSS 0.01912
Exploits 0 · References 14

Tenable Nessus
added 2016/09/06 12:0 a.m. · 31 views

openSUSE Security Update : curl (openSUSE-2016-1043)

This update for curl fixes the following issues : - fixing a performance regression with FTP boo991746 - TLS session resumption client cert bypass boo991389, CVE-2016-5419 - Re-using connections with wrong client cert boo991390, CVE-2016-5420 - use of connection struct after free boo991391,...

CVSS 8.1 · AI score 6.8 · EPSS 0.01912
Exploits 0 · References 7

Tenable Nessus
added 2016/08/05 12:0 a.m. · 37 views

FreeBSD : Vulnerabilities in Curl (e4bc70fc-5a2f-11e6-a1bc-589cfc0654e1)

Curl security team reports : CVE-2016-5419 - TLS session resumption client cert bypass CVE-2016-5420 - Re-using connections with wrong client cert CVE-2016-5421 - use of connection struct after free %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in th...

CVSS 8.1 · AI score 6.8 · EPSS 0.01912
Exploits 0 · References 7

securityvulns
added 2011/04/13 12:0 a.m. · 44 views

Apache Tomcat information leakage

Under some conditions, information may be sent to wrong client...

CVSS 5 · AI score 1.5 · EPSS 0.11701
Exploits 0 · References 1 · Affected Software 1