WP OAuth Server < 3.4.2 – Client Secret Regeneration via CSRF

The plugin does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client IDRead More ...

Continue Reading
Insecure Session Management

Concrete CMS is vulnerable to insecure sessions management. The vulnerability exists in the `attemptAuthentication` function in `GenericOauthTypeController.php` where it does not issue a new session I ...

Continue Reading
Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.Read More ...

Continue Reading
(RHSA-2022:7519) Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana (7.5.1 ...

Continue Reading

CVSS3 - HIGH

CVSS2 - MEDIUM

Oracle Linux 8 : grafana (ELSA-2022-7519)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7519 advisory. - Acceptance of some invalid Transfer-Encoding heade ...

Continue Reading
RHEL 9 : grafana (RHSA-2022:8057)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8057 advisory. - sanitize-url: XSS due to improper sanit ...

Continue Reading
Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without ...

Continue Reading
Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without ...

Continue Reading

Back to Main

Subscribe for the latest news:
Generated by Feedzy