CVE-2022-41912 crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...
Debian dla-3208 : libvarnishapi-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3208 advisory. Debian LTS Advisory DLA-3208-1...
Ubuntu 20.04 LTS / 22.04 LTS : MariaDB vulnerabilities (USN-5739-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5739-1 advisory. Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has be...
Oracle Linux 9 : libtiff (ELSA-2022-8194)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8194 advisory. 4.4.0-2 - Update to version 4.4.0 - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909...
Oracle Linux 8 : libtiff (ELSA-2022-7585)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7585 advisory. 4.0.9-23 - Fix various CVEs - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-090...
RHEL 9 : libtiff (RHSA-2022:8194)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8194 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Denial of...
libtiff: reachable assertion
A reachable assertion failure was found in libtiff's JBIG functionality. This flaw allows an attacker who can submit a crafted file to an application linked with libtiff and using the JBIG functionality to cause a crash via an assertion failure, leading to a denial of service. The exact mechanism...
CVE-2022-25671
Denial of service in MODEM due to reachable assertion in Snapdragon Mobile...
Design/Logic Flaw
Denial of service in MODEM due to reachable assertion in Snapdragon Mobile...
PT-2022-17450 · Qualcomm · Snapdragon Mobile
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Mobile (affected versions not specified). Description: The issue is related to a denial of service in the MODEM component due to a reachable assertion. This affects the Snapdragon Mobile platform. Recommendations: At the...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openldap Multiple Vulnerabilities (NS-SA-2022-0077)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openldap packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger ...
EulerOS 2.0 SP9 : dhcp (EulerOS-SA-2022-2759)
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as...
SUSE SLES12: glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / etc (SUSE-SU-2022:3942-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3942-1 advisory. - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in...
SUSE-SU-2022:3942-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_timedwait (bsc#1196852) - Recognize ppc64p7 arch to build for power7...
CentOS 8 : libtiff (CESA-2022:7585)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7585 advisory. - libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561) - libtiff: Null source pointer lead to Denial of Service via crafted TIFF file...
Updated libtiff packages fix security vulnerability
There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. CVE-2022-2519 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVE-2022-2520 It w...
Medium: glibc
Issue Overview: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match...
CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...