Lucene search
K

134 matches found

OSV
OSV
added 2024/06/12 2:15 p.m.5 views

CVE-2024-5891

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, ...

4.2CVSS5.8AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.5 views

Red Hat Quay Security Vulnerability

Red Hat Quay is a distributed container image repository from Red Hat, Inc. that is used to build, distribute and deploy containers. A security vulnerability exists in Red Hat Quay that stems from the ability to authenticate with an OAuth token if an attacker is able to obtain the client ID of an...

4.2CVSS6.7AI score0.00228EPSS
Exploits0References3
OSV
OSV
added 2024/05/14 3:13 p.m.1 views

CVE-2024-27852

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References3
OSV
OSV
added 2024/04/11 8:15 p.m.4 views

CVE-2024-22718

Cross Site Scripting XSS vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the clientid parameter in the application URL...

9.6CVSS6AI score0.00657EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.5 views

Form Tools 安全漏洞

Form Tools is an open source codebase for Form Tools scripts, modules, themes and APIs. A security vulnerability exists in Form Tools version 3.1.1, which stems from a cross-site scripting XSS vulnerability in the clientid parameter...

9.6CVSS5.8AI score0.00657EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.9 views

PT-2024-28081 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the wifi: mt76: connac component, where the wcid can be NULL. To avoid crashes, it is necessary to check...

9.1CVSS6.5AI score0.01219EPSS
Exploits11References900
ATTACKERKB
ATTACKERKB
added 2023/12/21 10:15 a.m.4 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References8
PyPA
PyPA
added 2023/10/20 12:15 a.m.4 views

PYSEC-2023-214

Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirecturi and clientid are alterable when logging in. Consequently, the code parameter utilized to fetch the accesstoken post-authentication will be sent to the URL specified in the aforementioned...

5.4CVSS7AI score0.00395EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.4 views

PT-2023-28149 · Unknown · Home Assistant

Name of the Vulnerable Software and Affected Versions: Home Assistant versions prior to 2023.9.0 Description: The issue concerns the alterability of the redirect uri and client id when logging in to Home Assistant, an open-source home automation system. This allows an attacker to manipulate a use...

5.4CVSS5.2AI score0.00395EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/08/02 12:0 a.m.5 views

Open-Xchange AppSuite Cross-Site Scripting Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange AppSuite that stems from the clientID not being cleaned up and escaped...

5.4CVSS7.2AI score0.00558EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/06/27 7:2 p.m.43 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:53 p.m.84 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.19 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.4 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/14 12:0 a.m.3 views

Personnel Property Equipment System SQL注入漏洞

Personnel Property Equipment System is a personnel property equipment management system by Jon Remus Sevellejo Personal Developer. A SQL injection vulnerability exists in Personnel Property Equipment System version 1.0, which stems from an incorrect manipulation of the clientid parameter that can...

8.8CVSS7.1AI score0.00824EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/05/14 12:0 a.m.4 views

PT-2023-20840 · Sourcecodester · Sourcecodester Personnel Property Equipment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Personnel Property Equipment System version 1.0 Description: A critical issue has been found in the processing of the file admin/returned reuse form.php, specifically in the component GET Parameter Handler. The manipulation of...

8.8CVSS7AI score0.00824EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-1892

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service daemon crash via unspecified requests...

5CVSS6.8AI score0.08566EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...

6.1CVSS6.8AI score0.12985EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2023/01/12 12:0 a.m.4 views

The vulnerability of the Squid caching proxy server, related to improper access control, allows attackers to gain access to confidential information.

The vulnerability of the Squid caching proxy server relates to the inconsistent processing of internal URIs. Exploiting this vulnerability allows a remote attacker to bypass the ACL firewall protection and gain access to information about the cache controller, including records related to the...

6.8CVSS6.9AI score0.0169EPSS
Exploits0References12Affected Software8
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.6 views

InHand Networks InRouter302 安全特征问题漏洞

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security feature issue vulnerability exists in the InHand Networks InRouter302 version prior to V3.5.56, and the InRouter615 version prior to V2.3.0.r5542, which stems from the use of an insufficiently randomiz...

10CVSS8.2AI score0.00563EPSS
Exploits0References2
Rows per page
Query Builder