2 matches found
GHSA-293Q-567P-WMWQ Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
In Spring Security Web, SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...
PT-2022-34771 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.8 through v5.19.11 Description: A potential security issue exists in the net/smc component of the Linux Kernel. The issue arises when there is no link to map buffers on, which may lead to undefined behavior. The actua...