Vulmon
apereo vulnerabilities and exploits
NA
CVE-2022-41965
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows malicious ...
Apereo Opencast
4
CVSSv2
CVE-2017-1000221
In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a u...
Apereo Opencast
4
CVSSv2
CVE-2021-32623
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast before 9.6 are vulnerable to the billion laughs attack, which allows a malicious user to easily execute a (seemingly permanent) denial of service attack, essentially ta...
Apereo Opencast
6.8
CVSSv2
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Apereo Phpcas 1.3.4
5
CVSSv2
CVE-2018-20000
Apereo Bedework bw-webdav prior to 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
Apereo Bw-webdav
6.8
CVSSv2
CVE-2014-2296
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server prior to 3.4.12.1 and 3.5.x prior to 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.
Apereo Cas Server
NA
CVE-2023-28857
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”...
Apereo Central Authentication Service
4.3
CVSSv2
CVE-2021-42567
Apereo CAS up to and including 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
Apereo Central Authentication Service
7.5
CVSSv2
CVE-2015-1169
Apereo Central Authentication Service (CAS) Server prior to 3.5.3 allows remote malicious users to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
Apereo Central Authentication Service
6.8
CVSSv2
CVE-2018-1000836
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in ...
Apereo Bw-calendar-engine