62 matches found
CVE-2024-55225
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...
K000148606: Spring vulnerability CVE-2021-22119
Security Advisory Description Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. ...
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...
CVE-2024-23647 PKCE downgrade attack in Authentik
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...
K10520421: Spring Security OAuth vulnerability CVE-2018-1260
Security Advisory Description Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the...
K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509
Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
SUSE CVE-2021-22119
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
CVE-2022-43392
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service DoS conditions by sending a crafted authorization request...
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...
oauth2-server through 3.1.1 vulnerable to Open Redirect
In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...
GHSA-4RG6-FM25-GC34 oauth2-server through 3.1.1 vulnerable to Open Redirect
In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...
Oracle MySQL Enterprise Monitor DOS (July 2022 CPU)
The version of MySQL Enterprise Monitor installed on the remote host are affected by a denial of service as referenced in the July 2022 CPU advisory, via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple...
spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...
Pivotal Spring Security Oauth Resource Management Error Vulnerability
A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...
Denial of service in Spring Security OAuth2
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
Authorization
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...