Nicolas Mora

5 exploits. Active since Sep 2021.
CVE-2021-40540 (severity: Critical)
Ulfius HTTP Framework <2.7.4 - Info Disclosure
ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests.
CVSS 9.8
CVE-2022-38493 (severity: High)
Rhonabwy <1.1.7 - DoS
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 does not check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
CVSS 7.5
CVE-2023-49208 (severity: Critical)
Glewlwyd SSO <2.7.6 - Buffer Overflow
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
CVSS 9.8
CVE-2024-25714 (severity: Critical)
Rhonabwy <1.1.13 - Info Disclosure
In Rhonabwy through 1.1.13, HMAC signature verification uses strcmp, which is vulnerable to a timing side-channel attack because it stops comparing as soon as the first differing byte is found in the two signatures. (The fix uses gnutls_memcmp, which executes in constant time.)
CVSS 9.8
CVE-2024-25715 (severity: Medium)
Glewlwyd SSO Server <2.7.6 - Open Redirect
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
CVSS 6.1