146 matches found
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...
PT-2026-42587
Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...
fast-xml-builder 安全漏洞
fast-xml-builder is an open-source building tool developed by Natural Intelligence that converts JSON data into XML format. Versions of fast-xml-builder prior to 1.1.7 contained security vulnerabilities. These vulnerabilities occurred when input data contained quotes in attribute values, and enti...
CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...
Astra Linux - уязвимость в firefox, thunderbird
The editor code failed to check an attribute value. This could have led to a out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
DEBIAN-CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
CVE-2026-33317 OP-TEE: PKCS#11 TA out-of-bounds read and memory disclosure
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
CVE-2026-33317
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
OP-TEE Trusted OS 缓冲区错误漏洞
OP-TEE Trusted OS is an implementation of the OP-TEE open-source project, which creates an open-source Trusted Execution Environment TEE that utilizes Arm TrustZone technology. In versions 3.13.0 to 4.10.0 of OP-TEE Trusted OS, there is a buffer error vulnerability. This vulnerability stems from ...
Debian dla-4512 : charon-cmd - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4512 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4512-1 [email protected] https://www.debian.org/lts/security/...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : strongSwan vulnerability (USN-8117-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8117-1 advisory. Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use...
EUVD-2026-14477
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
CVE-2026-25075
The CVE-2026-25075 issue is an integer underflow in strongSwan’s EAP-TTLS AVP parser affecting versions 4.5.0 through 6.0.4, which can crash the charon IKE daemon (DoS) via crafted AVP length fields during IKEv2 authentication. Mitigation: upgrade to strongSwan 6.0.5 or later (as confirmed by Mag...
CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
USN-8117-1: strongSwan vulnerability
Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use this issue to cause strongSwan to consume resources and crash, resulting in a denial of service...