dex vulnerabilities and exploits
NA
CVE-2009-3650
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and previous versions and 6.x-1.0-rc1 and previous versions, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
David Strauss Dex
David Strauss Dex 6.x-1.0
5.5
CVSSv3
CVE-2024-20802
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.
Samsung Dex
9.8
CVSSv3
CVE-2020-27847
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows a malicious user to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as s...
Linuxfoundation Dex
9.6
CVSSv3
CVE-2020-26290
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enable potential signature bypass due to issues with XML encoding in the under...
Linuxfoundation Dex
6.5
CVSSv3
CVE-2022-39222
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version before 2.35.0....
Linuxfoundation Dex
7.5
CVSSv3
CVE-2024-23656
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloa...
Linuxfoundation Dex 2.37.0
9.8
CVSSv3
CVE-2017-6506
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
Azure Dex Data Expert Ultimate 2.2.16
1 EDB exploit
9.8
CVSSv3
CVE-2017-11165
dataTaker DT80 dEX 1.50.012 allows remote malicious users to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
Datataker Dt80 Dex Firmware 1.50.012
1 EDB exploit
6
CVSSv3
CVE-2022-23426
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows malicious users to access files with system privilege.
Google Android 10.0
Google Android 11.0
7.8
CVSSv3
CVE-2022-36039
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing a malicious user to execute c...
Rizin Rizin