Lucene search
+L

371 matches found

NVD
NVD
added 2022/02/04 11:15 p.m.42 views

CVE-2022-23600

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...

6.5CVSS0.00889EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.9 views

CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...

5.3CVSS6.5AI score0.00889EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.51 views

CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...

5.3CVSS6.6AI score0.00889EPSS
Exploits0References2
OSV
OSV
added 2022/02/04 10:32 p.m.23 views

CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...

5.3CVSS6.4AI score0.00889EPSS
Exploits0References4
NVD
NVD
added 2021/12/08 6:15 p.m.20 views

CVE-2021-41030

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

9.1CVSS0.00955EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/12/08 5:51 p.m.14 views

CVE-2021-41030

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

5.4CVSS7.2AI score0.00955EPSS
Exploits0References1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.37 views

FortiClient EMS - SAML SSO replay attack

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

6.4CVSS4.9AI score0.00955EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/11/18 12:0 a.m.22 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.9 / 10.0.x < 10.0.1 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20 or 9.0.x prior to 9.0.14 or 9.1.x prior to 9.1.9 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect...

8.8CVSS8.6AI score0.01488EPSS
Exploits0References3
CNVD
CNVD
added 2021/11/13 12:0 a.m.20 views

Palo Alto Networks PAN-OS Memory Corruption Vulnerability (CNVD-2021-102821)

A memory corruption vulnerability exists in Palo Alto Networks PAN-OS, an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A problem with the software memory handling leads to a memory corruption vulnerability, which allows an authenticated attacker to execute...

8.8CVSS3.7AI score0.01488EPSS
Exploits0References1
NVD
NVD
added 2021/11/10 5:15 p.m.21 views

CVE-2021-3056

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.8CVSS0.01488EPSS
Exploits0References1
OSV
OSV
added 2021/11/10 5:15 p.m.4 views

CVE-2021-3056

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.8CVSS6AI score0.01488EPSS
Exploits0References1
Prion
Prion
added 2021/11/10 5:15 p.m.21 views

Memory corruption

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.5CVSS8.9AI score0.01488EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/10 5:10 p.m.24 views

CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.8CVSS9.1AI score0.01488EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/11/10 5:0 p.m.6 views

CVE-2021-3056

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.8CVSS7.6AI score0.01488EPSS
Exploits0References2Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2021/11/10 5:0 p.m.57 views

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. Work around: Enable signatures for Unique Threat ID 91585 on traffic processed by the...

8.8CVSS8.9AI score0.01488EPSS
Exploits0References1
OSV
OSV
added 2021/09/08 5:15 p.m.4 views

CVE-2021-3051

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSO...

8.1CVSS7.3AI score0.00581EPSS
Exploits0References1
Prion
Prion
added 2021/09/08 5:15 p.m.22 views

Design/Logic Flaw

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSO...

6.8CVSS8.1AI score0.00581EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntu
added 2021/09/08 5:11 p.m.96 views

USN-5069-2: mod-auth-mellon vulnerability

USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect...

6.1CVSS6.2AI score0.00752EPSS
Exploits0
CVE
CVE
added 2021/09/08 5:10 p.m.58 views

CVE-2021-3051

CVE-2021-3051 describes an improper verification of cryptographic signatures in Cortex XSOAR SAML authentication that allows an unauthenticated network attacker with knowledge of the instance to access protected resources and perform unauthorized actions. Affected are Cortex XSOAR 5.5.0 builds ea...

8.1CVSS8.3AI score0.00581EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/08 5:10 p.m.34 views

CVE-2021-3051 Cortex XSOAR: Authentication Bypass in SAML Authentication

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSO...

8.1CVSS8.4AI score0.00581EPSS
Exploits0References1
Rows per page
Query Builder