PT-2021-20536 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr versions 2.4.0 and later Description: The issue is caused by a truncated L2CAP K-frame, leading to an assertion failure. This is due to improper handling of length parameter inconsistency and a reachable assertion. Recommendations: For...
Zephyr Security Vulnerability
Zephyr is an open source, small, scalable, real-time operating system. A security vulnerability exists in Zephyr, which stems from truncated L2CAP K-frames causing assertion failures. No detailed vulnerability details are available at this time...
GHSA-89RJ-5GGJ-3P9P Reachable Assertion in OpenCV.
In OpenCV 3.3.1 (corresponds with OpenCV-Python 3.3.1.11), an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast...
CVE-2021-29108
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In...
PT-2021-18096 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9 and below Description: The issue allows a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account through an XML Signature Wrapping Attack. It is...
CVE-2021-33600
The CVE-2021-33600 entry describes a DoS in the web UI of F-Secure Internet Gatekeeper. An unauthenticated, remote attacker can trigger an assertion by sending a malformed HTTP request with a very large username parameter, potentially taking the product offline. Several connected sources (e.g., R...
CVE-2021-33600 Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because an attacker can trigger an assertion via a malformed HTTP packet sent to the web interface. An unauthenticated attacker could exploit this vulnerability by sending...
DRUPAL-CONTRIB-2021-036
This module provides a solution to authenticate visitors using existing SAML providers. Certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" an...
CLSA-2021-1632261705 Fix of CVE: CVE-2021-25215, CVE-2021-25214, CVE-2021-25216
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly (CVE-2021-25214) - An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215) - A second vulnerability in BIND's GSSAPI security...
The vulnerability in the `parser_parse_expression` function of the `js-parser-expr.c` component of the JavaScript engine for Internet of Things technology, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a malicious actor to trigger a service failure.
The vulnerability of the `parser_parse_expression` function in the `js-parser-expr.c` component of the JavaScript engine for Internet of Things technology, JerryScript, and the IoT.js platform is related to the insufficient use of the `assert()` function. Exploiting this vulnerability could allow a malicio...
ISC BIND DoS Vulnerability (Aug 2021) - Windows
ISC BIND is prone to a denial of service (DoS) vulnerability.
EulerOS 2.0 SP2 : soundtouch (EulerOS-SA-2021-2449)
According to the versions of the soundtouch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of servic...
EulerOS 2.0 SP2 : unbound (EulerOS-SA-2021-2436)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability th...
EulerOS 2.0 SP2 : bind (EulerOS-SA-2021-2354)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses...
EulerOS 2.0 SP2 : openldap (EulerOS-SA-2021-2415)
According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resultin...