EUVD-2020-17957

Malware in sbrugna...

CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...

GHSA-QV5P-6WRC-79WG SimpleSAMLphp Use of insecure connection charset (sqlauth module)

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...

SimpleSAMLphp Use of insecure connection charset (sqlauth module)

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...

CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

DEBIAN-CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...

DEBIAN-CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

Null pointer dereference

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

Design/Logic Flaw

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...

CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

CVE-2019-20917

InspIRCd vulnerability CVE-2019-20917 affects the mysql module prior to 3.3.0 when built against mariadb-connector-c 3.0.5+, enabling a NULL pointer dereference that can be triggered by users who can connect to a server, and used with sqlauth/sqloper to remotely crash the server. Public advisorie...

CVE-2020-25269

CVE-2020-25269 is a use-after-free in InspIRCd (pgsql module) that can be triggered by combining the pgsql module with sqlauth or sqloper, enabling a remote user to crash the server. Initial description lists affected releases as InspIRCd 2 before 2.0.29 and 3 before 3.6.0. Public advisories in t...

InspIRCd Memory Misreference Vulnerability

InspIRCd is a modular C++ Internet Relay Chat IRC server for UNIX-like and Windows systems. A security vulnerability exists in the pgsql module in InspIRCd. When used in conjunction with the sqlauth or sqloper modules, this vulnerability can be exploited to remotely crash the InspIRCd server by a...

Debian DSA-4127-1 : simplesamlphp - security update

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. - CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. - CVE-2017-12869 When using the...

[SECURITY] [DSA 4127-1] simplesamlphp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4127-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 02, 2018 https://www.debian.org/security/faq -...

Debian DLA-1273-1 : simplesamlphp security update

simplesamlphp, an authentication and federation application has been found vulnerable to Cross Site Scripting XSS, signature validation byepass and using insecure connection charset. CVE-2017-18121 A Cross Site Scripting XSS issue has been found in the consentAdmin module of SimpleSAMLphp through...

Design/Logic Flaw

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...

CVE-2018-6521

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...

CVE-2018-6521

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...