The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client IDRead More ...
Continue Reading
November 17, 2022
Concrete CMS is vulnerable to insecure sessions management. The vulnerability exists in the `attemptAuthentication` function in `GenericOauthTypeController.php` where it does not issue a new session I ...
Continue Reading
November 16, 2022
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.Read More ...
Continue Reading
November 16, 2022
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana (7.5.1 ...
Continue Reading
November 16, 2022
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7519 advisory. - Acceptance of some invalid Transfer-Encoding heade ...
Continue Reading
November 16, 2022
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8057 advisory. - sanitize-url: XSS due to improper sanit ...
Continue Reading
November 16, 2022
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without ...
Continue Reading
November 16, 2022
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without ...
Continue Reading
November 16, 2022
Back to Main
