103 matches found

vulnersOsv
added 2022/09/22 12:0 a.m. · 3 views

ai.apiverse:apipulse (=1.0.1), com.contentgrid.spring:contentgrid-spring-boot-starter (>=0.4.2 <=0.6.1) +53 more potentially affected by CVE-2022-31679 via org.springframework.data:spring-data-rest-core (>=3.7.0 <=3.7.2)

org.springframework.data:spring-data-rest-core MAVEN version =3.7.0, =0.4.2, =0.4.2, =0.4.2, =5.12.1, =2.4.0, =2.4.0, =2.4.0, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.1.0 - com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example =2.1.6 and more Source cves: CVE-2022-31679...

3.7 CVSS · 6.1 AI score · 0.00174 EPSS
Exploits 0

Virtuozzo
added 2022/09/21 12:0 a.m. · 21 views

Virtuozzo Hybrid Infrastructure 5.2 Update 1 (5.2.1-57)

This update provides full support for Authorization Code Flow, as well as bug fixes and improvements. Vulnerability id: VSTOR-57337 It is impossible to set the disk role to "Unassigned" while joining a node to the cluster. Vulnerability id: VSTOR-57187 Unable to add an iSCSI target with multiple...

1 AI score
Exploits 0

Hacker One
added 2022/09/14 7:13 p.m. · 86 views

Shopify: Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account

A vulnerability was discovered in the Shop App's Microsoft Outlook OAuth flow, where a malicious app could intercept the authorization code during authentication due to the use of deep links. This could allow an attacker to gain access to the victim's emails. The issue was mitigated by implementi...

7.5 AI score
Exploits 0

OSV
added 2021/11/10 10:15 p.m. · 2 views

CVE-2020-23900

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b...

5.5 CVSS · 6.4 AI score · 0.00193 EPSS
Exploits 1 · References 2

Prion
added 2021/11/10 10:15 p.m. · 15 views

Buffer overflow

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b...

4.3 CVSS · 5.6 AI score · 0.00193 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2021/04/13 6:23 p.m. · 91 views

CVE-2021-0442

CVE-2021-0442 affects Android 11 in the Framework component, specifically in updateInfo of android_hardware_input_InputApplicationHandle.cpp. The issue is a use-after-free that can control code flow, enabling local elevation of privilege with no additional execution privileges required. Exploitat...

7.8 CVSS · 7.8 AI score · 0.00018 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/04/13 6:23 p.m. · 14 views

CVE-2021-0442

In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

8.1 AI score · 0.00018 EPSS
Exploits 0 · References 1

OSV
added 2020/11/03 2:31 a.m. · 15 views

GHSA-58R4-H6V8-JCVM Regression in JWT Signature Validation

Overview Versions after and including 2.3.0 are improperly validating the JWT token signature when using the JWTValidator.verify method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and...

7.4 CVSS · 9.5 AI score · 0.00087 EPSS
Exploits 0 · References 6

vulnersOsv
added 2020/09/03 3:49 p.m. · 2 views

@rebelware/fibonacci-generator (=0.0.3), react-oauth2-auth-code-flow (>=1.0.0 <=1.0.2) potentially affected by unknown CVE via react-oauth-flow (=1.2.0)

react-oauth-flow NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-oauth-flow and may be impacted: - @rebelware/fibonacci-generator =0.0.3 - react-oauth2-auth-code-flow =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory:...

5.8 AI score
Exploits 0

NVD
added 2020/06/19 10:15 p.m. · 15 views

CVE-2020-13272

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...

8.8 CVSS · 0.00126 EPSS
Exploits 0 · References 3

UbuntuCve
added 2020/06/19 10:15 p.m. · 25 views

CVE-2020-13272

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...

8.8 CVSS · 7.2 AI score · 0.00126 EPSS
Exploits 0 · References 4

CVE
added 2020/06/19 9:40 p.m. · 67 views

CVE-2020-13272

GitLab CVE-2020-13272 affects GitLab CE/EE versions 12.3 through 13.0.1, where the OAuth authorization code flow lacks verification checks. The root cause is missing verification in the OAuth flow, allowing an unverified user to complete the authorization code flow. Public details in connected do...

8.8 CVSS · 8.6 AI score · 0.00126 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2020/06/19 12:0 a.m. · 2 views

PT-2020-13413 · Oauth +1

Name of the Vulnerable Software and Affected Versions: OAuth versions 12.3 through 13.0.1 Description: The issue concerns the OAuth flow missing verification checks, allowing an unverified user to use the OAuth authorization code flow. Recommendations: For versions 12.3 through 13.0.1, update to ...

8.8 CVSS · 8.5 AI score · 0.00126 EPSS
Exploits 0 · References 7

NVD
added 2019/10/23 2:15 p.m. · 12 views

CVE-2019-18278

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this...

7.8 CVSS · 7.8 AI score · 0.00136 EPSS
Exploits 1 · References 1

OSV
added 2019/10/23 2:15 p.m. · 10 views

CVE-2019-18278

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this...

7.8 CVSS · 7.3 AI score
Exploits 0 · References 1

UbuntuCve
added 2019/10/23 2:15 p.m. · 13 views

CVE-2019-18278

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this...

7.8 CVSS · 7.1 AI score · 0.00136 EPSS
Exploits 1 · References 2

Prion
added 2019/10/23 2:15 p.m. · 8 views

Code injection

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this...

4.6 CVSS · 7.7 AI score · 0.00136 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2019/10/23 1:22 p.m. · 95 views

CVE-2019-18278

CVE-2019-18278 concerns VideoLAN VLC media player 3.0.8 on Windows when using libqt, where data from a faulting address can control code flow at libqt_plugin!vlc_entry_license__3_0_0f+0x... The core description in both the NVD entry and Red Hat advisory is consistent: the vulnerability relates to...

7.8 CVSS · 7.7 AI score · 0.00136 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2019/10/23 1:22 p.m. · 16 views

CVE-2019-18278

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this...

7.8 AI score · 0.00136 EPSS
Exploits 1 · References 1

OSV
added 2019/10/08 12:15 p.m. · 2 views

CVE-2019-17243

IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEGLS+0x0000000000003155...

7.8 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits 0 · References 2