CVE-2022-25675

Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2022-25672

Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile...

CVE-2022-25673

Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile...

Design/Logic Flaw

Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

VulnCheck KEV: CVE-2022-27518

Citrix Application Delivery Controller ADC and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...

PT-2022-17467 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a denial of service in the Modem component due to a reachable assertion while processing the common config procedure. This affects various Qualcomm...

CVE-2022-25702

CVE-2022-25702 affects Qualcomm Snapdragon platforms (Snadpragon Auto, Compute, Industrial IOT, Mobile, Wearables). The issue is a denial-of-service caused by a reachable assertion while processing a reconfiguration message in the modem path. Multiple sources (NVD, Red Hat, CIRCL) describe the sa...

PT-2022-16038 · Unknown · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: Passport-wsfed-saml2 versions prior to 4.6.3 Description: A remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary ID...

Updated imagemagick packages fix security vulnerability

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows a...

crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

Impact The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches This issue has been corrected in version 0.4.9. Credit This issue was reported by Felix Wilhelm from Google Project Zero...

GHSA-J2JP-WVQG-WC2G crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

Impact The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches This issue has been corrected in version 0.4.9. Credit This issue was reported by Felix Wilhelm from Google Project Zero...

GO-2022-1129 Authentication bypass in github.com/crewjam/saml

Authentication bypass is possible when processing SAML responses containing multiple Assertion elements...

SUSE SLES12 Security Update : exiv2 (SUSE-SU-2022:4252-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4252-1 advisory. - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. bsc1142681 -...

CVE-2022-41912

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

CVE-2022-41912

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

Authentication flaw

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

CVE-2022-41912 crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

CVE-2022-41912

Affected software: crewjam/saml Go library