134 matches found
CVE-2024-5891
A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, ...
Red Hat Quay Security Vulnerability
Red Hat Quay is a distributed container image repository from Red Hat, Inc. that is used to build, distribute and deploy containers. A security vulnerability exists in Red Hat Quay that stems from the ability to authenticate with an OAuth token if an attacker is able to obtain the client ID of an...
CVE-2024-27852
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages...
CVE-2024-22718
Cross Site Scripting XSS vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the clientid parameter in the application URL...
Form Tools 安全漏洞
Form Tools is an open source codebase for Form Tools scripts, modules, themes and APIs. A security vulnerability exists in Form Tools version 3.1.1, which stems from a cross-site scripting XSS vulnerability in the clientid parameter...
PT-2024-28081 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the wifi: mt76: connac component, where the wcid can be NULL. To avoid crashes, it is necessary to check...
CVE-2023-2585
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
PYSEC-2023-214
Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirecturi and clientid are alterable when logging in. Consequently, the code parameter utilized to fetch the accesstoken post-authentication will be sent to the URL specified in the aforementioned...
PT-2023-28149 · Unknown · Home Assistant
Name of the Vulnerable Software and Affected Versions: Home Assistant versions prior to 2023.9.0 Description: The issue concerns the alterability of the redirect uri and client id when logging in to Home Assistant, an open-source home automation system. This allows an attacker to manipulate a use...
Open-Xchange AppSuite Cross-Site Scripting Vulnerability
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange AppSuite that stems from the clientID not being cleaned up and escaped...
keycloak: client access via device auth request spoof
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
keycloak: client access via device auth request spoof
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
keycloak: client access via device auth request spoof
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
keycloak: client access via device auth request spoof
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
Personnel Property Equipment System SQL注入漏洞
Personnel Property Equipment System is a personnel property equipment management system by Jon Remus Sevellejo Personal Developer. A SQL injection vulnerability exists in Personnel Property Equipment System version 1.0, which stems from an incorrect manipulation of the clientid parameter that can...
PT-2023-20840 · Sourcecodester · Sourcecodester Personnel Property Equipment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Personnel Property Equipment System version 1.0 Description: A critical issue has been found in the processing of the file admin/returned reuse form.php, specifically in the component GET Parameter Handler. The manipulation of...
SUSE CVE-2009-1892
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service daemon crash via unspecified requests...
SUSE CVE-2012-3571
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...
The vulnerability of the Squid caching proxy server, related to improper access control, allows attackers to gain access to confidential information.
The vulnerability of the Squid caching proxy server relates to the inconsistent processing of internal URIs. Exploiting this vulnerability allows a remote attacker to bypass the ACL firewall protection and gain access to information about the cache controller, including records related to the...
InHand Networks InRouter302 安全特征问题漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security feature issue vulnerability exists in the InHand Networks InRouter302 version prior to V3.5.56, and the InRouter615 version prior to V2.3.0.r5542, which stems from the use of an insufficiently randomiz...