keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

libebml2 UpdateDataSize function denial of service vulnerability

libebml2 is a mkv file parsing library for analyzing or parsing mkv files for playback. A denial of service vulnerability exists in the UpdateDataSize function in ebmlmaster.c in libebml2 2012-08-26 and prior versions of Libebml2. With a specially crafted mkv file, a remote attacker can exploit...

mkclean Node_ValidatePtr Function Denial of Service Vulnerability

mkclean is a command line tool for cleaning and optimizing muxed Matroska .mkv / .mka / .mks / .mk3d and WebM .webm / .weba files. A denial of service vulnerability exists in the NodeValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9. Via a specially crafted mkv file, a remote...

CVE-2017-10873

OpenAM Open Source Edition allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM Open Source Edition implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext...

CVE-2017-1000122

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service release assertion of the UI process. This vulnerability does not affect Apple products...

Fedora 26 : xen (2017-5bcddc1984)

xen: various flaws 1501391 multiple MSI mapping issues on x86 XSA-237 DMOP map/unmap missing argument checks XSA-238 hypervisor stack leak in x86 I/O intercept code XSA-239 Unlimited recursion in linear pagetable de-typing XSA-240 Stale TLB entry due to page type release race XSA-241 page type...

Updated exiv2 packages fix security vulnerabilities & bugs

Opening an image created on certain pentax cameras with gwenview, which uses the exiv2 library, causes gwenview to segfault. Exiv2 upstream created a patch to resolve this problem bugfix - applies only to mga6. The following security issues were also fixed: Heap overflow in...

Slack SAML authentication bypass

tl;dr I found a severe issue in the Slack's SAML implementation that allowed me to bypass the authentication. This has now been solved by Slack. Introduction IMHO the rule 1 of any bug hunter note I do not consider myself one of them since I do this really sporadically is to have a good RSS feed...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211setrekeydata function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)

MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or...

AZL-44322 CVE-2017-15371 affecting package sox for versions less than 14.4.2.0-33

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

DEBIAN-CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

AZL-43765 CVE-2017-15371 affecting package sox for versions less than 14.4.2.0-33

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...

CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file...