Lucene search
K

86 matches found

EUVD
EUVD
added 2026/02/03 5:54 p.m.6 views

EUVD-2025-206690

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory OOM...

6.3CVSS5.5AI score0.0036EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 5:54 p.m.24 views

CVE-2025-62599 eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...

8.6CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 5:54 p.m.18 views

CVE-2025-62599

CVE-2025-62599 affects eProsima Fast DDS prior to versions 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. When security mode is enabled, modifying the DATA Submessage in an SPDP packet (specifically tampering with the length of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN as readPropertySeq) can trigger ...

8.6CVSS6AI score0.0036EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/03 5:54 p.m.10 views

CVE-2025-62599 eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...

8.6CVSS6AI score0.0036EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

Fast-DDS 输入验证错误漏洞

Fast-DDS is a complete DDS system open-sourced by eProsima. Versions of Fast-DDS prior to 3.4.1, 3.3.1, and 2.6.11 contained a vulnerability related to input validation errors. This vulnerability stemmed from modifying the PIDIDENTITYTOKEN or PIDPERMISSIONSTOKEN fields in the DATA sub-message,...

6.3CVSS5.8AI score0.00434EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

eProsima Fast DDS 安全漏洞

eProsima Fast DDS is a C++ implementation of the OMG Object Management Group DDS Data Distribution Service standard by eProsima Corporation. Versions prior to 3.4.1, 3.3.1, and 2.6.11 of eProsima Fast DDS contained security vulnerabilities. These vulnerabilities were caused by modifying the...

7.5CVSS5.9AI score0.00527EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

Fast-DDS 输入验证错误漏洞

Fast-DDS is a complete DDS system open-sourced by eProsima. Versions of Fast-DDS prior to 3.4.1, 3.3.1, and 2.6.11 contained a vulnerability related to input validation errors. This vulnerability stemmed from modifying the length of the PIDIDENTITYTOKEN or PIDPERMISSIONTOKEN fields in the DATA...

8.6CVSS5.8AI score0.0036EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/12/16 12:23 a.m.3 views

SUSE CVE-2025-66506

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...

7.5CVSS7.1AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2025/12/04 10:15 p.m.5 views

UBUNTU-CVE-2025-66506

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...

7.5CVSS6.4AI score0.00191EPSS
Exploits0References4
OSV
OSV
added 2025/12/04 10:4 p.m.22 views

CVE-2025-66506 Fulcio allocates excessive memory during token parsing

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3, function identity.extractIssuerURL splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious...

7.5CVSS7AI score0.00191EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/11/12 9:27 p.m.9 views

OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary If the "claimsparametersupported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script, to inject the value of choice into a claim contained in the idtoken or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

9.3CVSS6.9AI score0.00322EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/12 6:57 p.m.5 views

CVE-2025-64099 OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

9.3CVSS5.8AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.10 views

PT-2025-46699

Name of the Vulnerable Software and Affected Versions Open Access Management OpenAM versions prior to 16.0.0 Description Open Access Management OpenAM contains a flaw where, if the claims parameter supported parameter is enabled, the "oidc-claims-extension.groovy" script allows injection of...

9.3CVSS7.1AI score0.00322EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-1296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This...

6.5CVSS5.5AI score0.00449EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.7 views

FreeBSD : Gitlab -- vulnerabilities (7bfe6f39-78be-11f0-9d03-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7bfe6f39-78be-11f0-9d03-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site...

8.7CVSS5.9AI score0.00423EPSS
Exploits0References14
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.11 views

GitLab Enterprise Edition和GitLab Community Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...

5CVSS6.4AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:20 p.m.6 views

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

5CVSS6.8AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:18 a.m.8 views

CVE-2019-16929

Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...

7.5CVSS6.8AI score0.00891EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/10 6:31 p.m.22 views

Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS7AI score0.00449EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/03/10 6:15 p.m.10 views

UBUNTU-CVE-2025-1296

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS5.8AI score0.00449EPSS
Exploits0References3
Rows per page
Query Builder