5 matches found
CVE-2019-10907
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...
OESA-2024-1443 libgsasl security update
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
OESA-2024-1441 libgsasl security update
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
OESA-2024-1445 libgsasl security update
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
CVE-2009-5004
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...