
2023 matches found

CNVD
added 2018/01/25 12:0 a.m. | 3 views

Memory leak vulnerability in multiple Huawei products (CNVD-2018-02542)

Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. A memory leak vulnerability exists in several Huawei products due to a failure of the device to properly free allocated memory. A local attacker with...

CVSS 3.3 | AI score 6.4 | EPSS 0.00138
Exploits 0 | References 1
CNVD
added 2018/01/22 12:0 a.m. | 2 views

IBM Curam Social Program Management Privilege Gain Vulnerability

IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Curam SPM. An attacker could exploit the vulnerability to revoke applications...

CVSS 6 | AI score 6.8 | EPSS 0.00596
Exploits 0 | References 1
OSV
added 2017/12/11 5:29 p.m. | 1 view

UBUNTU-CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4...

CVSS 6.5 | AI score 6.8 | EPSS 0.00894
Exploits 0 | References 3
OSV
added 2017/12/11 5:29 p.m. | 1 view

DEBIAN-CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4...

CVSS 6.5 | AI score 6.6 | EPSS 0.00894
Exploits 0 | References 1
CNVD
added 2017/11/30 12:0 a.m. | 1 view

Pivotal Cloud Foundry cf-release and UAA denial of service vulnerabilities

Pivotal Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software in the United States, which provides features such as container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. uaa is a...

CVSS 5.3 | AI score 6.9 | EPSS 0.01086
Exploits 0 | References 1
Hacker One
added 2017/11/28 3:54 a.m. | 22 views

Uber: The Microsoft Store Uber App Does Not Implement Server-side Token Revocation

Summary: The Microsoft Store Uber App Windows Phone Architecture does not properly revoke or expire a rider's x-uber-token upon app signout. Security Impact: When a user logs out/signs off of the app, the logout process is handled only locally on the application side, and without any type of...

AI score 6.8
Exploits 0
NVD
added 2017/11/27 10:29 a.m. | 20 views

CVE-2017-8031

An issue was discovered in Cloud Foundry Foundation cf-release all versions prior to v279 and UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other...

CVSS 5.3 | AI score 5.1 | EPSS 0.01086
Exploits 0 | References 2
Cvelist
added 2017/11/27 10:0 a.m. | 22 views

CVE-2017-8031

An issue was discovered in Cloud Foundry Foundation cf-release all versions prior to v279 and UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other...

AI score 5.1 | EPSS 0.01086
Exploits 0 | References 2
CVE
added 2017/11/27 10:0 a.m. | 54 views

CVE-2017-8031

The CVE-2017-8031 entry concerns Cloud Foundry cf-release and UAA. Affected products: cf-release (all versions before v279) and UAA (30.x before 30.6; 45.x before 45.4; 52.x before 52.1). Issue: an authenticated user for a given client can revoke client tokens belonging to other users on the same...

CVSS 5.3 | AI score 5 | EPSS 0.01086
Exploits 0 | References 2 | Affected Software 2
Veracode
added 2017/11/09 7:30 a.m. | 24 views

Denial Of Service (DoS) Through Token Revocation

CloudFoundry User Account and Authentication (UAA) is vulnerable to denial of service (DoS) attacks. The checktoken endpoint does not validate the clientId when revoking opaque or JWT client tokens, allowing a malicious user to revoke another user's token...

CVSS 5.3 | AI score 6.5 | EPSS 0.01086
Exploits 0 | References 4 | Affected Software 1
Cloud Foundry
added 2017/11/07 12:0 a.m. | 39 views

CVE-2017-8031: UAA Denial of Service through client token revocation endpoint | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: cf-release, all versions prior to v279; UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. Description: In some cases, the UAA allows an authenticated user for a particul...

CVSS 5.3 | AI score 5.1 | EPSS 0.01086
Exploits 0
Veracode
added 2017/10/27 2:26 a.m. | 30 views

Reusable Refresh Tokens

Keycloak services has reusable refresh tokens. If an attacker using a pre-compromised system creates a refresh token pair, this token can be used indefinitely regardless of permission revocation...

CVSS 7.2 | AI score 6.9 | EPSS 0.01887
Exploits 0 | References 6 | Affected Software 2
OSV
added 2017/10/26 5:29 p.m. | 1 view

CVE-2017-12160

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 5.8 | EPSS 0.01887
Exploits 0 | References 4
NVD
added 2017/10/26 5:29 p.m. | 31 views

CVE-2017-12160

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 6.9 | EPSS 0.01887
Exploits 0 | References 4
Cvelist
added 2017/10/26 5:0 p.m. | 55 views

CVE-2017-12160

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

AI score 6.8 | EPSS 0.01887
Exploits 0 | References 4
CVE
added 2017/10/26 5:0 p.m. | 126 views

CVE-2017-12160

CVE-2017-12160 affects Keycloak-based Red Hat Single Sign-On (rh-sso7-keycloak). The flaw in the OAuth flow permits an authenticated resource to obtain an access/refresh token pair from the authentication server, enabling indefinite usage if permissions are revoked. An attacker on an already-compr...

CVSS 7.2 | AI score 6.8 | EPSS 0.01887
Exploits 0 | References 4 | Affected Software 1
OSV
added 2017/10/24 6:33 p.m. | 75 views

GHSA-3M6R-39P3-JQ25 Doorkeeper is vulnerable to replay attacks

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVSS 9.1 | AI score 9.1 | EPSS 0.04685
Exploits 0 | References 11
Github Security Blog
added 2017/10/24 6:33 p.m. | 16 views

Doorkeeper is vulnerable to replay attacks

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVSS 9.1 | AI score 4.8 | EPSS 0.04685
Exploits 0 | References 10 | Affected Software 1
RedHat Linux
added 2017/10/17 7:53 p.m. | 2 views

keycloak: resource privilege extension via access token in oauth

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 5.8 | EPSS 0.01887
Exploits 0 | References 4
RedHat Linux
added 2017/10/17 7:53 p.m. | 2 views

keycloak: resource privilege extension via access token in oauth

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

CVSS 7.2 | AI score 5.8 | EPSS 0.01887
Exploits 0 | References 4