Debian: Security Advisory (DLA-265-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

python-kerberos vulnerable to KDC spoofing attacks

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

Stack overflow

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

CVE-2021-21906

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

PT-2021-14832 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma

Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA Version 5.0 Description: A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module exposes an authenticated command-line interface CLI...

bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...

bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...

Logic error in Legion of the Bouncy Castle BC Java

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

Dovecot < 2.2.7 Authentication Bypass Vulnerability

Dovecot is prone to an authentication bypass vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVE-2019-10231

CVE-2019-10231 affects Teclib GLPI

CVE-2014-5071

SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username...

CVE-2015-3206

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

PYSEC-2017-66

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

CVE-2015-3206

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

CVE-2015-3206

CVE-2015-3206 affects the pykerberos library (checkPassword) where the KDC is not authenticated, enabling potential MITM or DoS via spoofed KDC responses. Connected sources indicate mitigations include enabling KDC verification (e.g., via a krb5.keytab and related verify option) and applying patc...

CVE-2015-3206

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

CVE-2015-3206

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

DEBIAN-CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...

CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...

UBUNTU-CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...