Lucene search
K

62 matches found

Cvelist
Cvelist
added 2025/01/09 12:0 a.m.12 views

CVE-2024-55225

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

0.00587EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2024/11/19 2:50 a.m.25 views

K000148606: Spring vulnerability CVE-2021-22119

Security Advisory Description Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. ...

7.5CVSS6.3AI score0.06001EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2024/11/12 12:0 a.m.20 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

6.5CVSS5.2AI score0.01141EPSS
Exploits1References4
OSV
OSV
added 2024/01/30 4:10 p.m.8 views

CVE-2024-23647 PKCE downgrade attack in Authentik

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...

6.5CVSS8.7AI score0.00544EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.35 views

K10520421: Spring Security OAuth vulnerability CVE-2018-1260

Security Advisory Description Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the...

9.8CVSS9.6AI score0.08352EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.101 views

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5CVSS5.5AI score0.01271EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.4 views

SUSE CVE-2021-22119

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

7.5CVSS6.4AI score0.06001EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/11 12:0 a.m.16 views

CVE-2022-43392

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service DoS conditions by sending a crafted authorization request...

6.5CVSS6.8AI score0.00624EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 7:15 p.m.86 views

Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)

Summary IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...

6.5CVSS6.5AI score0.01199EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/30 12:0 a.m.21 views

oauth2-server through 3.1.1 vulnerable to Open Redirect

In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...

7.2CVSS7.7AI score0.00757EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/08/30 12:0 a.m.12 views

GHSA-4RG6-FM25-GC34 oauth2-server through 3.1.1 vulnerable to Open Redirect

In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...

7.2CVSS7.1AI score0.00757EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2022/07/20 12:0 a.m.29 views

Oracle MySQL Enterprise Monitor DOS (July 2022 CPU)

The version of MySQL Enterprise Monitor installed on the remote host are affected by a denial of service as referenced in the July 2022 CPU advisory, via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple...

7.5CVSS6.5AI score0.06001EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.3 views

spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

7.5CVSS7.2AI score0.06001EPSS
Exploits0References4
CNVD
CNVD
added 2022/04/24 12:0 a.m.30 views

Pivotal Spring Security Oauth Resource Management Error Vulnerability

A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...

4CVSS2.2AI score0.01199EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/22 12:0 a.m.36 views

Denial of service in Spring Security OAuth2

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

6.5CVSS6.5AI score0.01199EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/04/21 7:15 p.m.22 views

CVE-2022-22969

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

6.5CVSS0.01199EPSS
Exploits0References2
OSV
OSV
added 2022/04/21 7:15 p.m.25 views

CVE-2022-22969

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

6.5CVSS6.5AI score0.01199EPSS
Exploits0References2
Prion
Prion
added 2022/04/21 7:15 p.m.17 views

Authorization

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

4CVSS6.6AI score0.01199EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/04/21 6:16 p.m.777 views

CVE-2022-22969

CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...

6.5CVSS6.5AI score0.01199EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/21 6:16 p.m.47 views

CVE-2022-22969

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

7.2AI score0.01199EPSS
Exploits0References2
Rows per page
Query Builder