Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.4 views

CVE-2026-35560

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...

9.1CVSS5.9AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 9:17 p.m.3 views

CVE-2026-35560

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...

9.1CVSS0.00261EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/03 8:10 p.m.21 views

CVE-2026-35560 Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...

9.1CVSS0.00261EPSS
Exploits0References6
CVE
CVE
added 2026/04/03 8:10 p.m.10 views

CVE-2026-35560

Affected software: Amazon Athena ODBC Driver prior to 2.1.0.0. Issue: Improper certificate validation in the identity provider connection components can enable a man‑in‑the‑middle attack to intercept authentication credentials when connecting to external identity providers. Impact: Credential int...

9.1CVSS5.9AI score0.00261EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.3 views

PT-2026-30219

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...

9.1CVSS5.9AI score0.00261EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML endpoint not verifying the status of external identity Providers. This could lead to bypassing security controls and performing unauthorized...

8.1CVSS5.8AI score0.00413EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/02/16 12:0 a.m.5 views

State of Passkey Authentication in the Wild: A Census of the Top 100K Sites

Passkeys -- discoverable WebAuthn credentials synchronised across devices are widely promoted as the future of passwordless authentication. Built on the FIDO2 standard, they eliminate shared secrets and resist phishing while offering usability through platform credential managers. Since their...

5.5AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-25071

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00404EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:47 a.m.9 views

CVE-2023-20903

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates t...

4.3CVSS6.7AI score0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/28 12:0 a.m.9 views

CVE-2023-20903

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates t...

4.5AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/28 12:0 a.m.20 views

CVE-2023-20903

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates t...

4.8AI score0.00404EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/15 12:0 a.m.14 views

Minio 访问控制错误漏洞

Minio MinIO is an open source object storage server from the US-based MinIO Minio. The product supports building infrastructures for machine learning, analytics, and application data workloads. An access control error vulnerability exists in Minio 0.12.2 and prior versions, which stems from an...

9.8CVSS5.6AI score0.46706EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/03/23 2:42 p.m.4 views

keycloak: reusable "state" parameter at redirect_uri endpoint enables possibility of replay attacks

A flaw was found in Keycloak, where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks...

4.9CVSS5.7AI score0.00992EPSS
Exploits0References4
Veracode
Veracode
added 2020/02/28 7:40 a.m.18 views

Cross-Site Request Forgery (CSRF)

cloud foundry uaa is vulnerable to cross-site request forgery CSRF. The vulnerability exists as the OAuth2 state parameter is not being validated in the callback function when authenticating with external identity providers...

8.8CVSS4.5AI score0.00486EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/27 7:30 p.m.23 views

CVE-2020-5402 UAA fails to check the state parameter when authenticating with external IDPs

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers...

8.8CVSS8.6AI score0.00486EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2020/02/24 12:0 a.m.49 views

CVE-2020-5402: UAA fails to check the state parameter when authenticating with external IDPs | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Description In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. Affected Cloud Foundry Products...

8.8CVSS8.7AI score0.00486EPSS
Exploits0
Rows per page
Query Builder