babelouest

4 exploits Active since Dec 2021
CVE-2021-45379 WRITEUP HIGH WRITEUP
Glewlwyd 2.0.0-2.6.0 - Unauthenticated Incorrect Access Control
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
CVSS 8.8
CVE-2022-27240 WRITEUP CRITICAL WRITEUP
Glewlwyd SSO Server 2.0.0-2.6.1 - Buffer Overflow in WebAuthn Assertion Handling
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
CVSS 9.8
CVE-2022-29967 WRITEUP HIGH WRITEUP
Glewlwyd < 2.6.2 - Path Traversal in static_compressed_inmemory_website_callback.c
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.
CVSS 7.5
CVE-2022-32096 WRITEUP HIGH WRITEUP
rhonabwy < 1.1.5 - Denial of Service via JWE Token Buffer Overflow in r_jwe_aesgcm_key_unwrap
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
CVSS 7.5