
12 matches found

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-29235

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.4 | EPSS 0.0022
Exploits: 0 | References: 6

RedhatCVE
added 2025/09/17 8:52 p.m. | 2 views

CVE-2025-59154

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls...

CVSS 5.9 | AI score 7.1 | EPSS 0.0022
Exploits: 0 | References: 1

OSV
added 2025/09/16 1:54 a.m. | 2 views

GHSA-W252-645G-87MP Openfire has potential identity spoofing issue via unsafe CN parsing

Summary: Identity spoofing in X.509 client certificate authentication in Openfire allows internal attackers to impersonate other users via crafted certificate subject attributes, due to regex-based extraction of CN from an unescaped, provider-dependent DN string. Analysis: Openfire’s SASL EXTERNAL...

CVSS 5.9 | AI score 7.1 | EPSS 0.0022
Exploits: 0 | References: 7

Cvelist
added 2025/09/15 8:03 p.m. | 4 views

CVE-2025-59154 Openfire allows potential identity spoofing via unsafe CN parsing

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls...

CVSS 5.9 | EPSS 0.0022
Exploits: 0 | References: 5

OSV
added 2025/09/15 8:03 p.m. | 3 views

CVE-2025-59154 Openfire allows potential identity spoofing via unsafe CN parsing

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls...

CVSS 5.9 | AI score 7.2 | EPSS 0.0022
Exploits: 0 | References: 7

Positive Technologies
added 2025/09/15 12:00 a.m. | 3 views

PT-2025-37756

Name of the Vulnerable Software and Affected Versions: Openfire versions prior to 5.0.2; Openfire version 5.1.0. Description: Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a flaw in how it extracts user identities from X.509 certificates. The code uses...

CVSS 5.9 | AI score 6.8 | EPSS 0.0022
Exploits: 0 | References: 10

Tenable Nessus
added 2017/04/03 12:00 a.m. | 41 views

openSUSE Security Update : pidgin (openSUSE-2017-410)

This update for pidgin fixes the following issues:
Feature update:
- Update to GNOME 3.20.2 (fate#318572).
Security issues fixed:
- CVE-2017-2640: Fix an out of bounds memory read in purple_markup_unescape_entity. (boo#1028835)
Bugfixes:
- Correctly remove .so files for plugins fixes...

CVSS 9.8 | AI score 7.1 | EPSS 0.0651
Exploits: 0 | References: 4

OSV
added 2016/09/26 3:59 p.m. | 2 views

DEBIAN-CVE-2016-7142

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...

CVSS 5.9 | AI score 6.8 | EPSS 0.0108
Exploits: 0 | References: 1

OSV
added 2016/09/26 3:59 p.m. | 1 view

UBUNTU-CVE-2016-7142

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...

CVSS 5.9 | AI score 6.3 | EPSS 0.0108
Exploits: 0 | References: 5

Tenable Nessus
added 2016/09/08 12:00 a.m. | 18 views

FreeBSD : inspircd -- authentication bypass vulnerability (70c85c93-743c-11e6-a590-14dae9d210b8)

Adam reports: A serious vulnerability exists in when using m_sasl in combination with any services that support SASL EXTERNAL. To be vulnerable you must have m_sasl loaded, and have services which support SASL EXTERNAL authentication...

AI score 5.5
Exploits: 0 | References: 2

FreeBSD
added 2016/09/03 12:00 a.m. | 12 views

inspircd -- authentication bypass vulnerability

Adam reports: A serious vulnerability exists in when using m_sasl in combination with any services that support SASL EXTERNAL. To be vulnerable you must have m_sasl loaded, and have services which support SASL EXTERNAL authentication...

AI score 2.3
Exploits: 0 | References: 1

Cvelist
added 2005/11/16 7:37 a.m. | 20 views

CVE-2005-3567

slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors...

AI score 6.6 | EPSS 0.00925
Exploits: 0 | References: 12