Lucene search
K

157 matches found

Github Security Blog
Github Security Blog
added 2022/04/22 12:0 a.m.36 views

Denial of service in Spring Security OAuth2

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

6.5CVSS6.5AI score0.01199EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/04/21 7:15 p.m.16 views

Authorization

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...

4CVSS6.6AI score0.01199EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/04/21 6:16 p.m.776 views

CVE-2022-22969

CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...

6.5CVSS6.5AI score0.01199EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/01/15 12:0 a.m.2 views

TIM for Windows suffers from dll hijacking vulnerability

TIM is a multi-platform client application released in November 2016 by Tencent. It supports QQ and WeChat login, and is named "TIM". A dll hijacking vulnerability exists in TIM Windows Edition. An attacker can use this vulnerability to load a malicious dll and execute malicious code...

7.1AI score
Exploits0
NVD
NVD
added 2020/12/22 8:15 p.m.27 views

CVE-2020-14231

A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the...

8.8CVSS8.7AI score0.01018EPSS
Exploits0References1
CVE
CVE
added 2020/12/22 8:1 p.m.50 views

CVE-2020-14231

CVE-2020-14231 describes a buffer overflow vulnerability in the input parameter handling of HCL Client Application Access v9 . The underlying issue is in handling of input parameters, leading to a stack buffer overflow. It could be exploited by an authenticated attacker (network-facing) to crash ...

8.8CVSS8.6AI score0.01018EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/12/22 8:1 p.m.26 views

CVE-2020-14231

A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the...

8.8AI score0.01018EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/22 12:0 a.m.7 views

HCL Client Application Access 缓冲区错误漏洞

HCL Client Application Access is an integrated HCL Notes and HCL Domino application from HCL India. A buffer overflow vulnerability exists in HCL Client Application Access version v9, which stems from a vulnerability in the handling of input parameters could be exploited by an authenticated...

8.8CVSS7.8AI score0.01018EPSS
Exploits0References2
Prion
Prion
added 2020/11/16 1:15 a.m.39 views

Design/Logic Flaw

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

6.8CVSS8AI score0.01574EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2020/10/21 10:15 p.m.17 views

CVE-2020-24421

Adobe InDesign version 15.1.2 and earlier is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue...

5.5CVSS0.01799EPSS
Exploits0References1
Prion
Prion
added 2020/10/21 10:15 p.m.24 views

Null pointer dereference

Adobe InDesign version 15.1.2 and earlier is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue...

4.3CVSS5.3AI score0.01799EPSS
Exploits0References1Affected Software1
Adobe
Adobe
added 2020/10/20 12:0 a.m.33 views

APSB20-66 Security updates available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses a vulnerability rated moderate. The impact of exploitation is limited to denial-of-service of the client application...

5.5CVSS2.7AI score0.01799EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/05/07 7:15 p.m.16 views

CVE-2020-11044

In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...

3.5CVSS5.5AI score0.01895EPSS
Exploits1References5
Prion
Prion
added 2020/05/07 7:15 p.m.14 views

Double free

In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...

3.5CVSS5AI score0.01895EPSS
Exploits1References5Affected Software3
Cvelist
Cvelist
added 2020/05/07 12:0 a.m.18 views

CVE-2020-11044 Double Free in FreeRDP

In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...

2.2CVSS5.5AI score0.01895EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2020/04/28 9:15 p.m.1087 views

Exploit for NULL Pointer Dereference in Openssl

CVE-2020-1967 Proof of concept exploit about OpenSSL signature...

7.5CVSS6.8AI score0.53336EPSS
Exploits2
NVD
NVD
added 2020/02/06 3:15 a.m.23 views

CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability...

7.5CVSS7.5AI score0.02434EPSS
Exploits1References2
Atlassian
Atlassian
added 2020/01/23 12:5 a.m.49 views

XXE in OpenID client application - CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...

7.5CVSS3.8AI score0.02434EPSS
Exploits1Affected Software1
exploitpack
exploitpack
added 2019/07/10 12:0 a.m.41 views

Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index

Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...

0.5AI score
Exploits0
Typo3
Typo3
added 2019/06/25 12:0 a.m.13 views

Security Misconfiguration in Frontend Session Handling

It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...

6.7AI score
Exploits0Affected Software1
Rows per page
Query Builder