BIT-GOLANG-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...

Fedora 35 : dbus (2022-7a963a79d1)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7a963a79d1 advisory. Update to 1.12.24 Fix CVE-2022-42010, CVE-2022-42011, CVE-2022-42012 Tenable has extracted the preceding description block directly from the Fedora...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : DBus vulnerabilities (USN-5704-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5704-1 advisory. It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibl...

CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...

PT-2022-5137 · D-Bus +10 · D-Bus +10

Name of the Vulnerable Software and Affected Versions: D-Bus versions 1.12.24 and earlier, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2 Description: An issue was discovered in D-Bus where an authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when...

CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...

CVE-2019-19903

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list o...

CVE-2019-19900

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute...

SimpleSAMLphp Security Bypass Vulnerability (CNVD-2017-24382)

SimpleSAMLphp is a PHP authentication application that implements the SAML2.0 service provider and identity provider functionality . A security bypass vulnerability exists in SimpleSAMLphp 1.14.x through 1.14.11, which can be exploited by attackers to bypass security restrictions and perform...

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

CVE-2016-3119

The processdbargs function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service NULL pointer dereferenc...

CVE-2015-8630

The 1 kadm5createprincipal3 and 2 kadm5modifyprincipal functions in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash b...