Lucene search
+L

193 matches found

Prion
Prion
added 2018/10/18 10:29 p.m.34 views

Authorization

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

6.8CVSS8.1AI score0.02153EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/10/18 10:29 p.m.32 views

CVE-2018-15758

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

8.1CVSS8.4AI score0.02153EPSS
Exploits0References3
CVE
CVE
added 2018/10/18 10:0 p.m.108 views

CVE-2018-15758

Spring Security OAuth vulnerability CVE-2018-15758 affects multiple branches: 2.3.x before 2.3.4, 2.2.x before 2.2.3, 2.1.x before 2.1.3, and 2.0.x before 2.0.16 (older unsupported versions). The issue, described across connected sources, allows a malicious user to craft a request to a custom app...

9.6CVSS8.1AI score0.02153EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/10/18 10:0 p.m.46 views

CVE-2018-15758 Privilege Escalation in spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

9.6CVSS9.4AI score0.02153EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2018/10/16 12:0 a.m.7 views

Privilege Escalation in spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...

9.6CVSS7.3AI score0.02153EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/01 12:0 a.m.4 views

Unisys Stealth Solution Stealth Authorization Server Information Disclosure Vulnerability

Unisys Stealth Solution is a software-based solution for preventing cyber threats and protecting assets from Unisys, Inc. Stealth Authorization Server is one of the authentication servers. A security vulnerability exists in the Stealth Authorization Server in Unisys Stealth Solution prior to...

4.7CVSS5.3AI score0.00157EPSS
Exploits0References1
OSV
OSV
added 2018/05/30 9:29 p.m.3 views

CVE-2018-7534

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory...

4.7CVSS5.7AI score0.00157EPSS
Exploits0References1
NVD
NVD
added 2018/05/30 9:29 p.m.18 views

CVE-2018-7534

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory...

4.7CVSS4.8AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/30 9:0 p.m.12 views

CVE-2018-7534

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory...

4.8AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 2018/05/30 9:0 p.m.41 views

CVE-2018-7534

The CVE-2018-7534 issue affects Unisys Stealth Solution’s Stealth Authorization Server prior to version 3.3.017.0, where an AES encryption key may remain in memory due to failures in memory encryption/garbage collection. This could allow an attacker with local access to obtain the key and perform...

4.7CVSS4.8AI score0.00157EPSS
Exploits0References1Affected Software1
FireEye
FireEye
added 2018/05/21 11:15 a.m.523 views

Shining a Light on OAuth Abuse with PwnAuth

Introduction Spear phishing attacks are seen as one of the biggest cyber threats to an organization. It only takes one employee to enter their credentials or run some malware for an entire organization to become compromised. As such, companies devote significant resources to preventing credential...

Exploits0
Hacker One
Hacker One
added 2014/09/04 7:15 p.m.45 views

Internet Bug Bounty: open redirect in rfc6749

OAuth Providers servers that strictly follow rfc6749 are vulnerable to open redirect. Let me explain, reading 0 If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2001/04/07 12:0 a.m.47 views

DoS против Cisco PIX (aaa authentication flood)

При слишком большом числе одновременных запросов на авторизацию сервер перестает функционировать...

1.6AI score
Exploits0References1Affected Software1
Rows per page
Query Builder