Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0863

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01019EPSS
Exploits0References6
OSV
OSV
added 2024/04/12 11:7 a.m.6 views

OESA-2024-1445 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

8.1CVSS6.8AI score0.01091EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.6 views

OESA-2024-1443 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

8.1CVSS6.8AI score0.01091EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.6 views

OESA-2024-1441 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

8.1CVSS6.8AI score0.01091EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/13 9:40 p.m.40 views

CVE-2023-27582 Full authentication bypass if SASL authorization username is specified

maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted...

9.1CVSS10AI score0.01019EPSS
Exploits0References4
OSV
OSV
added 2022/05/13 1:25 a.m.4 views

GHSA-XM78-4M3G-7WM7 Improper Authentication in Apache Kafka

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

6.8CVSS7.1AI score0.02985EPSS
Exploits0References7
Rows per page
Query Builder