134 matches found
CVE-2022-1245
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to improper authentication, allows a perpetrator to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the improper handling of OAuth client identifiers. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause servic...
CVE-2021-3822
creationtimestamp| type| source ---|---|--- 2021-09-27 16:34:55+00:00| seen| https://t.me/cibsecurity/29456...
activemq: remote XSS in web console diagram plugin
A flaw was found in activemq. A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info...
CVE-2020-12776
creationtimestamp| type| source ---|---|--- 2020-09-01 12:55:34+00:00| seen| https://t.me/cibsecurity/14400...
CVE-2020-13821
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...
cxf: OpenId Connect token service does not properly validate the clientId
A flaw was found in cxf in versions prior to 3.2.11 and 3.3.4. The access token services do not properly validate that an authenticated principal is equal to that of the supplied clientId parameter allowing a malicious client to use an authorization code that has been issued to a different client...
CVE-2013-5582
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AAv3.2.exe file...
Denial of Service Vulnerability in Baidu's Skyworks Intelligence Platform
Baidu Tiangong Intelligence Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols e.g., MQTT, allowing IoT projects to be built between smart devices and the cloud. There is a denial-of-service vulnerability in the Baidu Skyworks Intelligent...
Unauthorized access vulnerability in Baidu's Tiangong Intelligence Platform ( CNVD-2019-34660)
Baidu Tiangong Intelligence Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols e.g., MQTT, allowing IoT projects to be built between smart devices and the cloud. An unauthorized access vulnerability exists in the Baidu Tiangong Intelligent...
DEBIAN-CVE-2019-10052
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parseclientidoption in the dhcp/parser.rs file...
Denial Of Service (DoS)
dhcp is vulnerable to denial of service DoS attacks. The vulnerability exists as ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...
The vulnerability of the ISC DHCP server, related to insufficient validation of input data, allows a attacker to trigger a service failure.
The vulnerability of the ISC DHCP server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted request that includes a zero-length client identifier...
RHEL 7 : Red Hat Gluster Storage 3.2.0 (RHSA-2017:0486)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0486 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies dat...
RHEL 6 : Red Hat Gluster Storage 3.2.0 (RHSA-2017:0484)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0484 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies dat...
Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SAP EMR Unwired and Clinical Task Tracker Access Restriction Bypass Vulnerabilities
SAP EMR Unwired is a mobile app that enables physicians and nurses to instantly access patient data when they need it.SAP Clinical Task Tracker is an easy and secure way to access clinical tasks assigned to your patients anytime, anywhere. SAP EMR Unwired and Clinical Task Tracker fail to properl...
CVE-2012-3571
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...
CVE-2012-3570
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service segmentation fault and daemon exit via a crafted client identifier parameter...