
2079 matches found

Cvelist
added 2025/04/11 4:21 p.m. | 25 views

CVE-2025-32068 Revoking authorization of OAuth2 consumer does not invalidate refresh tokens

Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass. This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43...

0.00235 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/04/03 12:36 p.m. | 10 views

CVE-2025-3085

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

8.1 CVSS | 7.1 AI score | 0.00256 EPSS
Exploits: 0 | References: 3

NVD
added 2025/04/01 12:15 p.m. | 128 views

CVE-2025-3085

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

9.8 CVSS | 0.00256 EPSS
Exploits: 0 | References: 1

OSV
added 2025/04/01 12:15 p.m. | 3 views

CVE-2025-3085

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 1

OSV
added 2025/04/01 12:15 p.m. | 6 views

UBUNTU-CVE-2025-3085

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

9.8 CVSS | 5.8 AI score | 0.00256 EPSS
Exploits: 0 | References: 3

CVE
added 2025/04/01 12:5 p.m. | 107 views

CVE-2025-3085

Issue summary. MongoDB Server on Linux with TLS and CRL revocation check enabled may fail to validate revocation status of intermediate certificates in the peer’s certificate chain, potentially allowing improper authentication. This affects MongoDB Server versions: 5.0.x before 5.0.31, 6.0.x befo...

9.8 CVSS | 7 AI score | 0.00256 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/04/01 12:5 p.m. | 29 views

CVE-2025-3085 MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

8.1 CVSS | 7 AI score | 0.00256 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/04/01 12:5 p.m. | 46 views

CVE-2025-3085 MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

8.1 CVSS | 0.00256 EPSS
Exploits: 0 | References: 1

MongoDB
added 2025/04/01 9:16 a.m. | 64 views

MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

9.8 CVSS | 7 AI score | 0.00256 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Ubuntu
added 2025/03/31 1:29 a.m. | 14 views

USN-7394-1: Doorkeeper vulnerabilities

Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...

9.1 CVSS | 7.7 AI score | 0.04685 EPSS
Exploits: 0

OSV
added 2025/03/31 1:29 a.m. | 5 views

USN-7394-1 ruby-doorkeeper vulnerabilities

Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. CVE-2016-6582 It was discovered that Doorkeeper incorrectly handled storing client names. An...

9.1 CVSS | 7.4 AI score | 0.04685 EPSS
Exploits: 0 | References: 3

NVD
added 2025/03/28 3:15 p.m. | 11 views

CVE-2025-29928

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

8 CVSS | 0.00364 EPSS
Exploits: 0 | References: 2

OSV
added 2025/03/28 2:42 p.m. | 17 views

CVE-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

8 CVSS | 6.6 AI score | 0.00364 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-2447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from whe...

6.6 CVSS | 6.3 AI score | 0.00585 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2025/02/27 3:9 a.m. | 2 views

SUSE CVE-2022-49296

In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)-->...

5.5 CVSS | 6.5 AI score | 0.00156 EPSS
Exploits: 0 | References: 5

OSV
added 2025/02/26 7:1 a.m. | 6 views

AZL-60327 CVE-2022-49296 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)-->...

5.5 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m. | 14 views

DEBIAN-CVE-2022-49296

In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)-->...

5.5 CVSS | 5.9 AI score | 0.00156 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/26 2:1 a.m. | 1 views

CVE-2022-49296 ceph: fix possible deadlock when holding Fwb to get inline_data

In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)-->...

6.1 AI score | 0.00156 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2025/02/18 6:0 p.m. | 11 views

CVE-2024-45783

A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access...

4.4 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2025/02/18 6:0 p.m. | 12 views

CVE-2025-0684

A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesyste...

6.4 CVSS | 6.9 AI score | 0.00251 EPSS
Exploits: 0 | References: 1