babelouest

4 exploits Active since Dec 2021
CVE-2021-45379 HIGH WRITEUP
Glewlwyd < 2.6.1 - Authentication Bypass
Glewlwyd 2.0.0, fixed in 2.6.1, is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without that user's password.
CVSS 8.8
CVE-2022-27240 CRITICAL WRITEUP
Glewlwyd SSO Server < 2.6.2 - Buffer Overflow
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
CVSS 9.8
CVE-2022-29967 HIGH WRITEUP
Glewlwyd < 2.6.2 - Path Traversal
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.
CVSS 7.5
CVE-2022-32096 HIGH WRITEUP
Rhonabwy < 1.1.5 - Buffer Overflow
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
CVSS 7.5