21 matches found
EUVD-2019-0196
Malware in sbrugna...
EUVD-2006-1333
Malware in sbrugna...
EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with...
thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
EulerOS Virtualization 3.0.1.0 : thrift (EulerOS-SA-2019-1458)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security...
Debian DLA-1662-1 : libthrift-java security update
It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
[SECURITY] [DLA 1662-1] libthrift-java security update
Package : libthrift-java Version : 0.9.1-2+deb8u1 CVE ID : CVE-2018-1320 Debian Bug : 918736 It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if th...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
GHSA-WJXJ-F8RG-99WX Improper Input Validation in Apache Thrift
Apache Thrift Java client library versions 0.5.0 prior to 0.9.3-1 and 0.10.0 prior to 0.12.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...
Improper Input Validation in Apache Thrift
Apache Thrift Java client library versions 0.5.0 prior to 0.9.3-1 and 0.10.0 prior to 0.12.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
Input validation
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
Jabber Studio Jabberd Server SASL Negotiation DoS Vulnerability
Jabberd server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...
CVE-2006-1329
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...
CVE-2006-1329
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...