
CNNVD · added 2022/03/18 12:00 a.m.

Glewlwyd SSO server security vulnerability

Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in babelouest Glewlwyd SSO server versions 2.x through 2.6.2, which stems from a buffer overflow in the scheme/webauthn.c file in the...

CVSS 9.8 · AI score 8.6 · EPSS 0.01496
Exploits 0 · References 3
PyPA · added 2022/02/04 11:15 p.m.

PYSEC-2022-95

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

CVSS 6.5 · AI score 6.8 · EPSS 0.00788
Exploits 1 · References 4 · Affected software 1
OSV · added 2022/02/04 11:15 p.m.

PYSEC-2022-150

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

CVSS 6.5 · AI score 5.9 · EPSS 0.00788
Exploits 1 · References 4
OSV · added 2021/09/22 5:12 p.m.

DRUPAL-CONTRIB-2021-036

This module provides a solution to authenticate visitors using existing SAML providers. Certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" an...

AI score 6.7
Exploits 0 · References 1
Drupal · added 2021/09/22 12:00 a.m.

SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2021-036

This module provides a solution to authenticate visitors using existing SAML providers. Certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" an...

AI score 5.5
Exploits 0 · References 6
OSV · added 2021/09/01 6:30 p.m.

GHSA-WCVP-R8J8-47PC Double free in toodee

When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...

CVSS 9.8 · AI score 8.5 · EPSS 0.01167
Exploits 0 · References 5
OSV · added 2021/08/25 9:15 p.m.

CVE-2021-37154

In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

CVSS 9.8 · AI score 7.3 · EPSS 0.01359
Exploits 0 · References 2
OSV · added 2021/08/25 8:46 p.m.

GHSA-39WR-F4FF-XM6P Incorrect implementation in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

CVSS 7.5 · AI score 7.4 · EPSS 0.01327
Exploits 2 · References 4
Github Security Blog · added 2021/08/25 8:46 p.m.

Incorrect implementation in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

CVSS 7.5 · AI score 8 · EPSS 0.01327
Exploits 1 · References 4 · Affected software 1
OSV · added 2021/08/25 8:45 p.m.

GHSA-GF93-H79Q-6JJV Incorrect implementation of the Streebog hash functions in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

CVSS 7.5 · AI score 7.4 · EPSS 0.01327
Exploits 2 · References 4
Github Security Blog · added 2021/08/25 8:45 p.m.

Incorrect implementation of the Streebog hash functions in streebog

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

CVSS 7.5 · AI score 8 · EPSS 0.00836
Exploits 1 · References 4 · Affected software 1
OSV · added 2021/06/02 3:15 a.m.

USN-4974-1 lasso vulnerability

It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...

CVSS 7.5 · AI score 7.1 · EPSS 0.01325
Exploits 0 · References 2
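The Lasso advisory above (USN-4974-1) describes a response in which only some assertions are signature-checked while every assertion's subject is trusted; the Drupal SAML SP entries earlier in this list describe the same invariant ("sign SAML assertions") as a configuration option. The following Go program is an added illustration of that bug class, not Lasso's, Drupal's or any SAML library's code. It assumes a minimal Response/Assertion model parsed with encoding/xml, and it replaces XML-DSig with an HMAC-SHA256 stand-in (functions `signAssertion`/`HMACVerifier`) so it runs offline; the sample response, the key and the function names are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
)

// Minimal SAML 2.0 Response model, just enough to show the check. A real SP
// parses the full schema and verifies XML-DSig through a SAML library.
type Response struct {
	XMLName    xml.Name    `xml:"Response"`
	Assertions []Assertion `xml:"Assertion"`
}
type Assertion struct {
	ID        string     `xml:"ID,attr"`
	NameID    string     `xml:"Subject>NameID"`
	Signature *Signature `xml:"Signature"`
}
type Signature struct {
	SignatureValue string `xml:"SignatureValue"`
}

// AssertionVerifier answers "does this assertion carry a signature that
// verifies under the IdP key?". In production it wraps the XML-DSig library.
type AssertionVerifier func(a Assertion) bool

// Constructed stand-in for XML-DSig: the "signature" is HMAC-SHA256 over
// ID|NameID under a shared key. The flaw shown does not depend on the scheme.
func signAssertion(key []byte, id, nameID string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(id + "|" + nameID))
	return mac.Sum(nil)
}

func HMACVerifier(key []byte) AssertionVerifier {
	return func(a Assertion) bool {
		if a.Signature == nil {
			return false // unsigned assertion never verifies
		}
		got, err := base64.StdEncoding.DecodeString(a.Signature.SignatureValue)
		return err == nil && hmac.Equal(got, signAssertion(key, a.ID, a.NameID))
	}
}

func parseResponse(raw []byte) (*Response, error) {
	var r Response
	if err := xml.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	if len(r.Assertions) == 0 {
		return nil, errors.New("response carries no assertions")
	}
	return &r, nil
}

// SubjectsFirstOnly reproduces the flaw: verify the first assertion, then
// trust every subject in the response, signed or not.
func SubjectsFirstOnly(raw []byte, verify AssertionVerifier) ([]string, error) {
	r, err := parseResponse(raw)
	if err != nil {
		return nil, err
	}
	if !verify(r.Assertions[0]) {
		return nil, errors.New("signature verification failed")
	}
	var subjects []string
	for _, a := range r.Assertions {
		subjects = append(subjects, a.NameID)
	}
	return subjects, nil
}

// SubjectsAllSigned is the correct form: every assertion must verify, and one
// unsigned or tampered assertion rejects the whole response.
func SubjectsAllSigned(raw []byte, verify AssertionVerifier) ([]string, error) {
	r, err := parseResponse(raw)
	if err != nil {
		return nil, err
	}
	var subjects []string
	for i, a := range r.Assertions {
		if !verify(a) {
			return nil, fmt.Errorf("assertion %d (%q) is unsigned or fails verification", i, a.ID)
		}
		subjects = append(subjects, a.NameID)
	}
	return subjects, nil
}

// SampleResponse builds a constructed response: assertion _a for "alice" is
// signed; assertion _b for "admin" is signed only when signSecond is true.
func SampleResponse(key []byte, signSecond bool) []byte {
	assertion := func(id, name string, sign bool) string {
		s := `<saml:Assertion ID="` + id + `"><saml:Subject><saml:NameID>` + name + `</saml:NameID></saml:Subject>`
		if sign {
			sig := base64.StdEncoding.EncodeToString(signAssertion(key, id, name))
			s += `<ds:Signature><ds:SignatureValue>` + sig + `</ds:SignatureValue></ds:Signature>`
		}
		return s + `</saml:Assertion>`
	}
	return []byte(`<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"` +
		` xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">` +
		assertion("_a", "alice", true) + assertion("_b", "admin", signSecond) + `</samlp:Response>`)
}

func main() {
	key := []byte("constructed-idp-key")
	raw := SampleResponse(key, false) // alice signed, admin unsigned
	fmt.Println(SubjectsFirstOnly(raw, HMACVerifier(key))) // accepts admin
	fmt.Println(SubjectsAllSigned(raw, HMACVerifier(key))) // rejects the response
}
```

The point of the two functions is the count invariant: the number of assertions that verified must equal the number of assertions whose subjects the SP goes on to trust. Whatever XML-DSig library does the real verification, the SP should also reject responses with no assertions at all, and should treat a signature over the Response element as covering only the assertions it actually encloses.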
Github Security Blog · added 2021/05/24 4:59 p.m.

Signature Validation Bypass

Impact: An authentication bypass exists in goxmldsig, which this library uses to determine whether SAML assertions are genuine. An attacker could craft a SAML response that would appear to be valid but would not have been genuinely issued by the IdP. Patches: Version 0.4.2 bumps the dependency, which should...

AI score 0.9
Exploits 0 · References 2 · Affected software 1
OSV · added 2021/05/14 8:15 p.m.

PYSEC-2021-659

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...

CVSS 5.5 · AI score 6.1 · EPSS 0.00217
Exploits 1 · References 2
OSV · added 2021/04/14 8:04 p.m.

GO-2020-0040 Uncontrolled Resource Consumption in github.com/shiyanhui/dht

Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...

CVSS 7.5 · AI score 7.3 · EPSS 0.00799
Exploits 1 · References 1
Positive Technologies · added 2021/04/14 12:00 a.m.

PT-2021-12077 · Dht

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to unchecked type assertions, allowing maliciously crafted messages to cause panics. This can be used as a denial of service vector...

CVSS 7.5 · AI score 7.2 · EPSS 0.00799
Exploits 1 · References 8
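Both dht entries above (GO-2020-0040 and PT-2021-12077) describe the same mechanism: a single-value type assertion on a decoded message field panics when the peer sends a different dynamic type. The program below is an added illustration of that mechanism and its fix, not code from github.com/shiyanhui/dht; the `Message` shape, the field names `t`/`q`/`a`/`id` and the sample messages are constructed for the example, and `DidPanic` stands in for the recover() guard a server loop would wrap around per-message handling.

```go
package main

import (
	"errors"
	"fmt"
)

// Message is a decoded DHT-style (bencode) message as a generic decoder
// returns it: every value is an interface{} whose dynamic type is chosen by
// the peer that sent the bytes. Constructed for this example.
type Message map[string]interface{}

// Query is the typed view a request handler works with.
type Query struct {
	TransactionID string
	Method        string
	NodeID        string
}

// ParseQueryUnchecked reproduces the bug class: a single-value type assertion
// panics when the dynamic type differs, so one crafted message crashes the node.
func ParseQueryUnchecked(m Message) Query {
	return Query{
		TransactionID: m["t"].(string),
		Method:        m["q"].(string),
		NodeID:        m["a"].(map[string]interface{})["id"].(string),
	}
}

// ParseQuery is the hardened form: the two-value ("comma ok") assertion never
// panics, and a type mismatch becomes an error the caller handles by dropping
// the message. A missing key yields a nil interface, which also fails the check.
func ParseQuery(m Message) (Query, error) {
	t, ok := m["t"].(string)
	if !ok {
		return Query{}, errors.New("field t: missing or not a string")
	}
	q, ok := m["q"].(string)
	if !ok {
		return Query{}, errors.New("field q: missing or not a string")
	}
	args, ok := m["a"].(map[string]interface{})
	if !ok {
		return Query{}, errors.New("field a: missing or not a dictionary")
	}
	id, ok := args["id"].(string)
	if !ok || len(id) != 20 {
		return Query{}, errors.New("field a.id: missing or not a 20-byte node id")
	}
	return Query{TransactionID: t, Method: q, NodeID: id}, nil
}

// DidPanic reports whether f panicked. The same recover() pattern, applied per
// message in the receive loop, is the defence in depth that keeps one bad
// message from taking the whole process down.
func DidPanic(f func()) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	f()
	return false
}

func main() {
	good := Message{"t": "aa", "q": "ping", "a": map[string]interface{}{"id": "abcdefghij0123456789"}}
	// Crafted message: "t" is an integer and "a" is a string, not a dictionary.
	crafted := Message{"t": 42, "q": "ping", "a": "not-a-dict"}

	fmt.Println(ParseQuery(good))
	fmt.Println(ParseQuery(crafted))
	fmt.Println("unchecked parser panics on crafted input:",
		DidPanic(func() { ParseQueryUnchecked(crafted) }))
}
```

The comma-ok form is the fix the advisory class calls for; the recover() guard is only a backstop, because a recovered panic still skips whatever cleanup the handler had pending and hides the parsing bug from review.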
AlpineLinux · added 2021/02/26 1:57 a.m.

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...

CVSS 6.5 · AI score 6.9 · EPSS 0.01007
Exploits 0
Debian CVE · added 2021/02/26 1:57 a.m.

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...

CVSS 6.5 · AI score 8.3 · EPSS 0.01007
Exploits 0
Veracode · added 2021/02/25 12:07 a.m.

Multithreaded WASM Triggered Assertions

Firefox has multithreaded WASM-triggered assertions validating separation of script domains...

CVSS 6.5 · AI score 1.7 · EPSS 0.01007
Exploits 0 · References 4 · Affected software 7
Tenable Nessus · added 2021/02/23 12:00 a.m.

Mozilla Firefox < 86.0

The version of Firefox installed on the remote Windows host is prior to 86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-07 advisory. - Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present ...

CVSS 8.8 · AI score 7.9 · EPSS 0.01543
Exploits 1 · References 13