7 matches found
CVE-2026-35579
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...
EulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333)
According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be...
EulerOS 2.0 SP3 : gnupg2 (EulerOS-SA-2018-1223)
According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject...
Important: gnupg2
Issue Overview: A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication...
Important: gnupg, gnupg2
Issue Overview: A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication...
Authorization Bypass
python-saml is vulnerable to authentication bypass. The application does not properly parse comments in certain XML nodes, causing text after a comment being lost before signing the SAML Message. This allows a malicious user to modify a SAML message without invalidating the cryptographic signatur...