523 matches found
cyrus-sasl: Fix of CVE-2019-19906
CVE-2019-19906: fix off-by-one in _sasl_add_string in lib/common.c that could cause denial of service or information disclosure via crafted input...
CVE-2026-6691
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CVE-2026-6691
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CVE-2026-6691
CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...
MongoDB C Driver Security Vulnerability
The MongoDB C Driver is an open-source library developed by MongoDB, designed to connect to and manipulate MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the insecure string copying performed during username normalization by t...
AZL-79343 CVE-2026-27601 affecting package cyrus-sasl-bootstrap 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...
AZL-79340 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...
MiracleLinux 8 : cyrus-sasl-2.1.27-6.el8 (AXSA:2022-3081:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3081:01 advisory. cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407). Tenable has extracted the preceding...
MiracleLinux 8 : cyrus-sasl-2.1.27-5.el8 (AXSA:2021-1130:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1130:01 advisory. cyrus-sasl: denial of service in _sasl_add_string function (CVE-2019-19906). Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 7 : cyrus-sasl-2.1.26-24.el7 (AXSA:2022-3085:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3085:02 advisory. cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407). Tenable has extracted the preceding...
MiracleLinux 7 : cyrus-sasl-2.1.26-24.0.1.el7.AXS7 (AXSA:2025-10961:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10961:01 advisory. CVE-2019-19906: fix out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. CVEs: CVE-2019-19906...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-24407)
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EUVD-2013-4050
Malware in sbrugna...
EUVD-2002-2022
Malware in sbrugna...
EUVD-2016-3255
Malware in sbrugna...
EUVD-2019-9498
Malware in sbrugna...
EUVD-2004-0882
Malware in sbrugna...
EUVD-2005-0374
Malware in sbrugna...
EUVD-2001-0852
Malware in sbrugna...