157 matches found
Denial of service in Spring Security OAuth2
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
Authorization
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
CVE-2022-22969
CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...
TIM for Windows suffers from dll hijacking vulnerability
TIM is a multi-platform client application released in November 2016 by Tencent. It supports QQ and WeChat login, and is named "TIM". A dll hijacking vulnerability exists in TIM Windows Edition. An attacker can use this vulnerability to load a malicious dll and execute malicious code...
CVE-2020-14231
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the...
CVE-2020-14231
CVE-2020-14231 describes a buffer overflow vulnerability in the input parameter handling of HCL Client Application Access v9 . The underlying issue is in handling of input parameters, leading to a stack buffer overflow. It could be exploited by an authenticated attacker (network-facing) to crash ...
CVE-2020-14231
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the...
HCL Client Application Access 缓冲区错误漏洞
HCL Client Application Access is an integrated HCL Notes and HCL Domino application from HCL India. A buffer overflow vulnerability exists in HCL Client Application Access version v9, which stems from a vulnerability in the handling of input parameters could be exploited by an authenticated...
Design/Logic Flaw
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...
CVE-2020-24421
Adobe InDesign version 15.1.2 and earlier is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue...
Null pointer dereference
Adobe InDesign version 15.1.2 and earlier is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue...
APSB20-66 Security updates available for Adobe InDesign
Adobe has released a security update for Adobe InDesign. This update addresses a vulnerability rated moderate. The impact of exploitation is limited to denial-of-service of the client application...
CVE-2020-11044
In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...
Double free
In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...
CVE-2020-11044 Double Free in FreeRDP
In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...
Exploit for NULL Pointer Dereference in Openssl
CVE-2020-1967 Proof of concept exploit about OpenSSL signature...
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability...
XXE in OpenID client application - CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...
Security Misconfiguration in Frontend Session Handling
It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...