84 matches found
CVE-2025-35431 CISA Thorium LDAP injection
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1...
PT-2025-38230
Name of the Vulnerable Software and Affected Versions: Thorium versions prior to 1.1.1 Description: Thorium does not escape user-controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data, such as group memberships. Recommendations: Update to...
CISA Thorium 安全漏洞
CISA Thorium is a highly scalable distributed malware analysis and data generation framework for the U.S. Cybersecurity and Infrastructure Security Administration CISA government division. A security vulnerability exists in CISA Thorium versions prior to 1.1.1 that stems from unescaped...
CVE-2025-49011
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2025-49011
SpiceDB (v1.44.x) vulnerability: when resolving CheckPermission paths that involve arrows with caveats, the evaluation across multiple caveated branches may incorrectly return NO_PERMISSION instead of PERMISSION. Root cause is in caveats on an arrow’ed relation affecting multi-branch permission c...
golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
A flaw was found in the golang-jwt implementation of JSON Web Tokens JWT. In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language SAML authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and...
CVE-2024-9531 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...
CVE-2024-5863
CVE-2024-5863 affects the Easy Image Collage WordPress plugin. The issue is a missing capability check in ajax_image_collage() across versions up to and including 1.13.5, allowing authenticated users with Contributor-level access and above to erase content in arbitrary posts (data loss). Wordfenc...
CLSA-2024-1718787475 krb5: Fix of CVE-2023-39975
CVE-2023-39975: fix double free vulnerability in authorization-data handling to prevent incorrect data copying from one ticket to another...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from a cURL wrapper that retains the original request header when redirecting, so...
CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...
CentOS 9 : krb5-1.21.1-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the krb5-1.21.1-1.el9 build changelog. - kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an...
Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-39975 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...
SUSE CVE-2023-39975
kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...
Oracle Linux 9 : krb5 (ELSA-2023-6699)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6699 advisory. - Fix double-free in KDC TGS processing CVE-2023-39975 Tenable has extracted the preceding description block directly from the Oracle Linux security...
krb5: double-free in KDC TGS processing
A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling...
RHEL 9 : krb5 (RHSA-2023:6699)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6699 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
CVE-2023-39975
A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling...
Double Free
libkrb5.so is vulnerable to Double Free. The vulnerability exists due to a failure in authorization data handling in the dotgsreq.c, which allows an attacker to cause the Key Distribution Center KDC to free the same pointer twice when incorrect data is copied from one ticket to another...