30 matches found
Unity Linux 20.1060e / 20.1070e Security Update: cryptacular (UTSA-2026-016656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016656 advisory. CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode...
EUVD-2020-0522
Malware in sbrugna...
Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-31047 DESCRIPTION: Django could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker...
Oracle WebCenter Sites (Apr 2022 CPU)
The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites Cryptacular...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-7226 DESCRIPTION: Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decod...
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server
Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29749 DESCRIPTION: IBM Sterling Secure Proxy is vulnerable to server-side request forgery SSR...
JFrog Artifactory < 6.23.1 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote machine is prior to 6.23.1. It is, therefore, affected by multiple vulnerabilities: - CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
JFrog Artifactory < 7.10.5 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote machine is prior to 7.10.5. It is, therefore, affected by multiple vulnerabilities: - CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
be.kuleuven.ccis.util:jwt (=1.0.0), com.buession.cas:buession-cas-core (=1.1.0) +417 more potentially affected by CVE-2020-7226 via org.cryptacular:cryptacular (>=1.2.0 <=1.2.3)
org.cryptacular:cryptacular MAVEN version =1.2.0, =0.8, =0.10, =0.10, =0.10, =0.8, =0.8, =0.8, =0.9, =0.9.4 and more Source cves: CVE-2020-7226 Source advisory: OSV:GHSA-X64G-4XX9-FH6X...
br.com.absoftware.gerabook:gerabook (>=1.1 <=1.2), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +477 more potentially affected by CVE-2020-7226 via org.cryptacular:cryptacular (>=1.0 <=1.1.3)
org.cryptacular:cryptacular MAVEN version =1.0, =1.1, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.4.0.0, =0.7.0.1, =1.0.0, =3.0.0, =5.0.0, =2.2.4, =2.2.4, =2.2.4, =2.3.19 - com.exacttarget:fuelsdk =1.1.0 and more Source cves: CVE-2020-7226 Source advisory:...
Denial of Service in Cryptacular
CiphertextHeader.java in Cryptacular before 1.2.4, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
GHSA-X64G-4XX9-FH6X Denial of Service in Cryptacular
CiphertextHeader.java in Cryptacular before 1.2.4, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.8 security update
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...