Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages exists in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker woul...
Gnu Gnutls 3.6.8-11.el8 2
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Converged Systems Advisor Agent -
NA
CVE-2023-22501
An authentication vulnerability exists in Jira Service Management Server and Data Center which allows an malicious user to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgo...
Atlassian Jira Service Management
Atlassian Jira Service Management 5.5.0
1 Github repository
NA
CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 prior to 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 prior to 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 prior to 20.0.7 does not validate that the redirect parameter to its SSO login en...
Miniorange Saml Sp Single Sign On
NA
CVE-2022-3094
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access pe...
Isc Bind 9.16.8
Isc Bind 9.16.11
Isc Bind 9.16.13
Isc Bind 9.16.21
Isc Bind 9.16.32
Isc Bind 9.16.14
Isc Bind
Isc Bind 9.16.36
NA
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable v...
Oracle Graalvm 21.3.4
Oracle Graalvm 22.3.0
Oracle Graalvm 20.3.8
Oracle Jre 11.0.17
Oracle Jre 17.0.5
Oracle Jre 19.0.1
Oracle Jdk 11.0.17
Oracle Jdk 17.0.5
Oracle Jdk 19.0.1
Azul Zulu 11.60
Azul Zulu 13.52
Azul Zulu 15.44
Azul Zulu 17.38
Azul Zulu 19.30
1 Github repository
NA
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. ...
Oracle Graalvm 21.3.4
Oracle Graalvm 22.3.0
Oracle Graalvm 20.3.8
Oracle Jre 1.8.0
Oracle Jre 11.0.17
Oracle Jre 17.0.5
Oracle Jre 19.0.1
Oracle Jdk 11.0.17
Oracle Jdk 17.0.5
Oracle Jdk 19.0.1
Oracle Jdk 1.8.0
Azul Zulu 11.60
Azul Zulu 13.52
Azul Zulu 15.44
Azul Zulu 17.38
Azul Zulu 19.30
Azul Zulu 6.51
Azul Zulu 7.57
Azul Zulu 8.66
1 Github repository
NA
CVE-2022-3782
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive inf...
Redhat Keycloak 20.0.2
NA
CVE-2023-0091
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an malicious user to access or modify potentially sensitive information.
Redhat Keycloak -
NA
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
Redhat Keycloak -
NA
CVE-2022-45787
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or lat...
Apache James
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »