Lucene search
K

197 matches found

NVD
NVD
added 2024/11/20 3:15 p.m.54 views

CVE-2024-52598

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...

7.5CVSS0.0058EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/20 2:9 p.m.49 views

CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...

7.5CVSS0.0058EPSS
Exploits1References1
OSV
OSV
added 2024/11/20 2:9 p.m.13 views

CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...

7.5CVSS7AI score0.0058EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/20 2:9 p.m.17 views

CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...

7.5CVSS8AI score0.0058EPSS
Exploits1References1
CVE
CVE
added 2024/11/20 2:9 p.m.98 views

CVE-2024-52598

2FAuth 5.4.1 fixes a pair of issues: an SSRF vulnerability and a URI validation bypass in the POST /api/v1/twofaccounts/preview endpoint. An attacker can supply a remote URI; the app may perform a GET to that URL and, if the response appears as an image, store it on the server. The URI filter che...

7.5CVSS7.8AI score0.0058EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2024/11/20 3:35 a.m.10 views

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...

8.6CVSS6.4AI score0.00697EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.12 views

PT-2024-35394 · 2Fauth · 2Fauth

Name of the Vulnerable Software and Affected Versions: 2FAuth version 5.4.1 2FAuth versions prior to 5.4.1 Description: 2FAuth is a web application used to manage Two-Factor Authentication 2FA accounts and generate their security codes. It contains two interconnected vulnerabilities: a Server-Sid...

7.5CVSS6.8AI score0.0058EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/11/12 4:38 p.m.11 views

CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS7AI score0.00835EPSS
Exploits0References2
Veracode
Veracode
added 2024/10/22 7:43 a.m.4 views

Open Redirect

org.keycloak, keycloak-services is vulnerable vulnerable to Open Redirect. The vulnerability is due to a misconfiguration flaw in the validation of redirect URIs. An attacker can redirect users to an arbitrary URL and potentially expose sensitive information such as authorization codes, leading t...

6.7AI score
Exploits0
OSV
OSV
added 2024/10/14 4:15 p.m.24 views

UBUNTU-CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

5.3CVSS7.1AI score0.00986EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/09/19 5:5 p.m.30 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 22.0.13 Images Update

New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/19 5:2 p.m.26 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 22.0.13 Update

New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer Portal Red Hat build of Keycloak 22.0.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/19 4:54 p.m.29 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/19 4:45 p.m.22 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 for OpenShift image enhancement update

A new image is available for Red Hat Single Sign-On 7.6.11, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/19 4:43 p.m.26 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 8

New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/19 4:43 p.m.8 views

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS5.8AI score0.01959EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/19 4:43 p.m.23 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 9

New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/09/19 12:0 a.m.27 views

RHEL 9 : Red Hat Single Sign-On 7.6.11 security update on RHEL 9 (Important) (RHSA-2024:6880)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6880 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.7CVSS5.8AI score0.0203EPSS
Exploits0References6
Zero Day Initiative
Zero Day Initiative
added 2024/08/06 12:0 a.m.7 views

Apache OFBiz resolveURI Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveURI method. The issue results from improper URI validation...

9.8CVSS7.1AI score0.99427EPSS
Exploits10References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.22 views

(Pwn2Own) QNAP TS-464 TURN Server create_session Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the createsession action. The issue results from the lack of...

7.3CVSS7.1AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder