Lucene search
K

57 matches found

Rockylinux
Rockylinux
added 2024/02/12 8:17 p.m.19 views

sos bugfix and enhancement update

An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...

7AI score
Exploits0
NVD
NVD
added 2023/12/21 10:15 a.m.31 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS0.00694EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/12/21 10:15 a.m.5 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References8
Prion
Prion
added 2023/12/21 10:15 a.m.24 views

Authorization

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

5.8CVSS7AI score0.00694EPSS
Exploits0References7Affected Software5
Cvelist
Cvelist
added 2023/12/21 9:24 a.m.38 views

CVE-2023-2585 Keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

3.5CVSS8.1AI score0.00694EPSS
Exploits0References7
CVE
CVE
added 2023/12/21 9:24 a.m.2627 views

CVE-2023-2585

CVE-2023-2585 concerns Keycloak’s Device Authorization Grant, where flawed validation of device_code and client_id could allow a malicious OAuth client to spoof a consent request and trick an admin into granting access to other OAuth clients or cause unauthorized access. Connected sources corrobo...

8.1CVSS5.6AI score0.00694EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/06/30 8:29 p.m.4 views

GHSA-F5H4-WMP5-XHG6 Client Spoofing within the Keycloak Device Authorisation Grant

Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a devicecode to retrieve an access token for other OAuth clients...

3.5CVSS6.8AI score0.00694EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/06/27 7:2 p.m.43 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:53 p.m.93 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.21 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.5 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/06/26 6:48 p.m.90 views

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

3.5CVSS7.5AI score0.00694EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2023/01/23 2:29 p.m.23 views

usbguard security update

An update is available for usbguard. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The USBGuard software framework provides system protection against intrusive...

7.8CVSS7.3AI score0.00378EPSS
Exploits1
Rockylinux
Rockylinux
added 2023/01/12 8:25 a.m.31 views

usbguard security update

An update is available for usbguard. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The USBGuard software framework provides system protection against intrusive...

7.8CVSS7.3AI score0.00378EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2022/12/06 10:4 a.m.33 views

Moderate: Red Hat Security Advisory: usbguard security update

An update for usbguard is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS7.1AI score0.00378EPSS
Exploits1References2
Prion
Prion
added 2021/09/01 6:15 p.m.16 views

Authorization

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization...

5CVSS7.5AI score0.21631EPSS
Exploits3References2Affected Software2
RedHat Linux
RedHat Linux
added 2015/12/03 7:39 p.m.5 views

chromium-browser: Various fixes from internal audits

Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audiooutputdevice.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact by triggering access to an...

7.5CVSS5.9AI score0.00628EPSS
Exploits0References5
Rows per page
Query Builder