7041 matches found

Tenable Nessus
added 2022/12/22 12:0 a.m. · 36 views

Fedora 36 : galera / mariadb (2022-cf88f807f9)

The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-cf88f807f9 advisory. MariaDB 10.5.18 & Galera 26.4.13 Release notes: https://mariadb.com/kb/en/mdb-10-5-18-rn/ Tenable has extracted the preceding description block...

CVSS 7.5 · AI score 7.4 · EPSS 0.02082
Exploits 5 · References 7

Tenable Nessus
added 2022/12/21 12:0 a.m. · 25 views

EulerOS 2.0 SP10 : dhcp (EulerOS-SA-2022-2842)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported...

CVSS 7.5 · AI score 6.9 · EPSS 0.11296
Exploits 0 · References 7

OSV
added 2022/12/18 5:15 a.m. · 2 views

UBUNTU-CVE-2022-47516

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service daemon crash via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion...

CVSS 7.5 · AI score 5.8 · EPSS 0.01647
Exploits 1 · References 3

NVD
added 2022/12/13 4:15 p.m. · 19 views

CVE-2022-25689

Denial of service in Modem due to reachable assertion in Snapdragon Mobile...

CVSS 7.5 · EPSS 0.00406
Exploits 0 · References 1

NVD
added 2022/12/13 4:15 p.m. · 26 views

CVE-2022-25673

Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile...

CVSS 7.5 · EPSS 0.00406
Exploits 0 · References 1

NVD
added 2022/12/13 4:15 p.m. · 30 views

CVE-2022-25675

Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVSS 5.5 · EPSS 0.00111
Exploits 0 · References 1

NVD
added 2022/12/13 4:15 p.m. · 26 views

CVE-2022-25672

Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile...

CVSS 7.5 · EPSS 0.00406
Exploits 0 · References 1

Prion
added 2022/12/13 4:15 p.m. · 20 views

Design/Logic Flaw

Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVSS 5 · AI score 7.6 · EPSS 0.00406
Exploits 0 · References 1

NVD
added 2022/12/13 8:15 a.m. · 15 views

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

CVSS 7.5 · EPSS 0.00751
Exploits 0 · References 1

Cvelist
added 2022/12/13 7:4 a.m. · 29 views

CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

CVSS 5.3 · AI score 7.9 · EPSS 0.00751
Exploits 0 · References 1

VulnCheck KEV
added 2022/12/13 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2022-27518

Citrix Application Delivery Controller ADC and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...

CVSS 9.8 · AI score 7.6 · EPSS 0.06931
Exploits 1 · References 1

Positive Technologies
added 2022/12/13 12:0 a.m. · 7 views

PT-2022-16038 · Unknown · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: Passport-wsfed-saml2 versions prior to 4.6.3. Description: A remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary ID...

CVSS 7.5 · AI score 7.5 · EPSS 0.00751
Exploits 0 · References 6

Positive Technologies
added 2022/12/13 12:0 a.m. · 5 views

PT-2022-17467 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon, affected versions not specified. Description: The issue is related to a denial of service in the Modem component due to a reachable assertion while processing the common config procedure. This affects various Qualcomm...

CVSS 7.5 · AI score 7.4 · EPSS 0.00406
Exploits 0 · References 3

CVE
added 2022/12/13 12:0 a.m. · 64 views

CVE-2022-25702

CVE-2022-25702 affects Qualcomm Snapdragon platforms (Snapdragon Auto, Compute, Industrial IOT, Mobile, Wearables). The issue is a denial-of-service caused by a reachable assertion while processing a reconfiguration message in the modem path. Multiple sources (NVD, Red Hat, CIRCL) describe the sa...

CVSS 7.5 · AI score 7.5 · EPSS 0.00406
Exploits 0 · References 1 · Affected Software 1

Mageia
added 2022/12/06 11:32 p.m. · 88 views

Updated imagemagick packages fix security vulnerability

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. CVE-2021-3574 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows a...

CVSS 7.8 · AI score 1.3 · EPSS 0.0238
Exploits 4 · References 16

GitHub Security Blog
added 2022/11/29 11:55 p.m. · 37 views

crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

Impact: The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches: This issue has been corrected in version 0.4.9. Credit: This issue was reported by Felix Wilhelm from Google Project Zero...

CVSS 9.8 · AI score 9.2 · EPSS 0.02179
Exploits 0 · References 8 · Affected Software 1

OSV
added 2022/11/29 11:55 p.m. · 24 views

GHSA-J2JP-WVQG-WC2G crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

Impact: The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches: This issue has been corrected in version 0.4.9. Credit: This issue was reported by Felix Wilhelm from Google Project Zero...

CVSS 9.1 · AI score 7.9 · EPSS 0.02179
Exploits 0 · References 8

OSV
added 2022/11/29 6:3 p.m. · 35 views

GO-2022-1129 Authentication bypass in github.com/crewjam/saml

Authentication bypass is possible when processing SAML responses containing multiple Assertion elements...

CVSS 9.8 · AI score 7.9 · EPSS 0.02179
Exploits 0 · References 2

Tenable Nessus
added 2022/11/29 12:0 a.m. · 30 views

SUSE SLES12 Security Update : exiv2 (SUSE-SU-2022:4252-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4252-1 advisory. - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. bsc1142681 -...

CVSS 7.8 · AI score 7 · EPSS 0.02287
Exploits 3 · References 23

NVD
added 2022/11/28 3:15 p.m. · 29 views

CVE-2022-41912

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

CVSS 9.8 · EPSS 0.02179
Exploits 0 · References 3