Lucene search
K

6 matches found

OSV
OSV
added 2026/06/10 12:31 a.m.2 views

GHSA-293Q-567P-WMWQ Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

In Spring Security Web, SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

6.8CVSS5.8AI score0.00116EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/03 12:35 p.m.7 views

org.glassfish.mq:mq-client (>=6.4.0 <=6.9.0), org.glassfish.mq:mq-cluster (>=6.4.0 <=6.9.0) +12 more potentially affected by CVE-2026-22886 via org.glassfish.mq:mqbroker-core (>=6.4.0 <=6.9.0)

org.glassfish.mq:mqbroker-core MAVEN version =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.9.0 Source cves: CVE-2026-22886 Source advisory: SNYK:JAVA-ORGGLASSFISHMQ-15444256...

9.8CVSS5.8AI score0.00402EPSS
Exploits0
OSV
OSV
added 2023/04/28 2:15 a.m.6 views

CVE-2023-27557

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.8 views

PT-2023-1736 · Fortinet · Fortiauthenticator

Name of the Vulnerable Software and Affected Versions: Fortinet FortiAuthenticator versions 6.4.x and earlier Description: The issue is related to an improper restriction of excessive authentication attempts, allowing a remote unauthenticated attacker to partially exhaust CPU and memory by sendin...

5.3CVSS5.4AI score0.01812EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2021/10/12 4:15 p.m.2 views

CVE-2021-37732

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...

9CVSS5.9AI score0.02957EPSS
Exploits0References3
OSV
OSV
added 2021/03/30 12:15 a.m.6 views

CVE-2021-25145

A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.1...

6.5CVSS5.8AI score0.00407EPSS
Exploits0References2
Rows per page
Query Builder