GHSA-924M-4PMX-C67H pysaml2 Improper Authentication vulnerability

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

pysaml2 Improper Authentication vulnerability

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

SUSE-SU-2018:1952-1 Initial update for kernel-azure

This update is the initial delivery of the Azure flavor of the Linux Kernel, which contains enhancements and optimizations for running the SUSE Linux Enterprise kernel in the Azure cloud...

MGASA-2018-0172 Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.25 and updates the KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. It also adds ome optimizations and improvements to mitigate some of the slowdons caused by the Meltdown CVE-2017-5754 and Spectre, variant 2 CVE-2017-5715. Other security...

PySAML2: Security bypass

Background PySAML2 is a pure python implementation of SAML2 Description It was found that the PySAML2 relies on an assert statement to check the user’s password. A python optimizations might remove this assertion. Impact A remote attacker could bypass security restrictions and access any...

Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3520-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3520-1 advisory. It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as a...

USN-3520-1 python-pysaml2 vulnerability

It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password...

Meltdown Exploit PoC

Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp et. al 2017 for details: https://meltdownattack.com/meltdown.pdf. Can only dump linuxprocbanner at the moment, since requires accessed memory to be in...

CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

PYSEC-2018-48

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

DEBIAN-CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVE-2017-1000433

Summary: CVE-2017-1000433 affects PySAML2. Versions 4.4.0 and earlier allow login without a password when Python optimizations are enabled, enabling attacker impersonation of any user. The issue is widely reported across distros and advisories (Debian DLA-2577-1; DLA-1410-1; Ubuntu USN-3520-1; Ge...

SUSE-SU-2017:2319-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates ...

Metasploit Wrapup

Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the...

Integer overflow

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service segmentation fault and application crash via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations...

ALPINE-CVE-2017-6312

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service segmentation fault and application crash via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations...

CVE-2017-6312

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service segmentation fault and application crash via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations...

CVE-2017-6312

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service segmentation fault and application crash via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations...