Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27536
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability aff...
Haxx Libcurl
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Netapp Active Iq Unified Manager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp Ontap 9
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
NA
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Single Sign-on
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
NA
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
NA
CVE-2023-1092
The OAuth Single Sign On Free WordPress plugin prior to 6.24.2, OAuth Single Sign On Standard WordPress plugin prior to 28.4.9, OAuth Single Sign On Premium WordPress plugin prior to 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin prior to 48.4.9 do not have CSRF chec...
Miniorange Oauth Single Sign On
NA
CVE-2023-1093
The OAuth Single Sign On WordPress plugin prior to 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow malicious users to make logged in admins delete all IdP via a CSRF attack
Miniorange Oauth Single Sign On
NA
CVE-2023-1436
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
Jettison Project Jettison
NA
CVE-2021-46877
jackson-databind 2.10.x up to and including 2.12.x prior to 2.12.6 and 2.13.x prior to 2.13.1 allows malicious users to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Fasterxml Jackson-databind
Fasterxml Jackson-databind 2.13.0
NA
CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Build Of Quarkus -
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Undertow 2.7.0
Redhat Integration Camel For Spring Boot -
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Runtimes -
NA
CVE-2023-0482
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Redhat Resteasy
NA
CVE-2023-24329
An issue in the urllib.parse component of Python prior to 3.11.4 allows malicious users to bypass blocklisting methods by supplying a URL that starts with blank characters.
Python Python
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software -
Netapp Management Services For Netapp Hci -
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »