39 matches found
CVE-2026-53004
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. An unprivileged local user could exploit an out-of-bounds write vulnerability in the sctpgetsockoptpeerauthchunks function. This occurs due to an incorrect size check, allowing the kernel to write pas...
Linux Distros Unpatched Vulnerability : CVE-2026-53004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the pee...
CVE-2026-53004
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
CVE-2026-53004 sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
Cisco Catalyst SD-WAN Manager和Cisco Catalyst SD-WAN Controller 授权问题漏洞
Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage and Cisco Catalyst SD-WAN Controller are both products of the American company Cisco. Cisco Catalyst SD-WAN Manager is a highly customizable dashboard that can simplify and automate the deployment, configuration, management, and operation of Cisc...
Steamworks game clients/servers using P2P authentication vulnerable to denial of service
Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...
BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
BRC-104 Authentication Signature Data Preparation Vulnerability Summary A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...
CVE-2025-59353
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not...
CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).
Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...
FreeBSD : apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication (2bc376c0-977e-11ee-b4bc-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2bc376c0-977e-11ee-b4bc-b42e991fc52e advisory. - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Pe...
Security Bulletin: Due to the use of Apache ZooKeeper, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security bypass.
Summary Apache ZooKeeper is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-44981 Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache ZooKeeper
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache ZooKeeper. Vulnerability Details CVEID: CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...
Vulnerability fixed in Apache Zookeeper
The Apache Foundation has fixed a vulnerability in Zookeeper. A malicious party could exploit the vulnerability to gain access gain access to data within Zookeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able to be able ...
Debian: Security Advisory (DSA-5544-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5544-1] zookeeper security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5544-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2023 https://www.debian.org/security/faq -...
Debian dla-3624 : libzookeeper-java - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3624 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3624-1 [email protected] https://www.debian.org/lts/security/...
The vulnerability of the SASL Quorum Peer authentication function in the centralized service for supporting configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows attackers to circumvent security restrictions and gain read, modify, or delete access to data.
The vulnerability of the SASL Quorum Peer authentication function in the centralized service for supporting configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication by using a user-controll...
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...