The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.
b98f26482dd59c89089a43c62936c2461318247bab55a7aaca8bb5e77ff8ba10Node-saml and its partner project passport-saml are vulnerable to an authentication bypass due to lax parsing of SAML responses.
1409b388d1ff3591b0f738957b81678639bad9a730829cf9d04b2f5f4e2e8a40XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks.
fb9e0a77092860baf50e4dd27de48b363926968c3606d0db1631fac8f83f0ff4The Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.
2ba78b07aefa0b49411c9850601bb70eafd9ced41709aea21651ae90f931e2adlibxml2 is vulnerable to a heap buffer overflow when xmlBufAdd is called on a very large buffer.
2e836bc71a5f639b38695645fac3e6f8cf11af986d63af75240bf0a926a562f1cmark-gfm, Github's markdown parsing library, is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count.
27a5460a6816fd26f0145be9abc1875edcaf581344dee907385de97828a29203containerd suffers from an insecure handling vulnerability related to image volumes.
b48bfd4366814227d48303e9535b5ccfe89e805d02c9e299e3b73f9fe15bbda5The recent commit #9c4440 introduces two vulnerabilities to libcontainer that can be exploited by an attacker with partial control over the bind mount sources of a new container.
ed408918fa162c1e37fcd4ed27b9ab361935aa46728e7fcbca4f23d94f8f25d3A KVM guest using SEV-ES (Secure Encrypted Virtualization - Encrypted State) can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT using the exit reason SVM_EXIT_IOIO.
ccc3c93435dc2cf6f740404e0f3468344e1a65dc1fc33ad4cbde80538cdac73eA KVM guest on AMD can launch a L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest, will then trigger a second call to nested_svm_vmrun and corrupt svm->nested.hsave with data copied out of the L2 vmcb. For kernel versions that include the commit "2fcf4876: KVM: nSVM: implement on demand allocation of the nested state" (>=5.10), the guest can free the MSR permission bit in svm->nested.msrpm, while it's still in use and gain unrestricted access to host MSRs.
d7d8893258c173535d6129f18da5eea5e87415de98e53b981565c55447d30da4The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance.
f02320214893002ab2b97694c08e9e2330bbb20f2f2bada5f83933c577f951efThe bd daemon, which runs as part of the F5 BIG-IP Application Security Manager (ASM), is vulnerable to a stack-based buffer overflow when processing overlong HTTP response headers in the is_hdr_criteria_matches function.
9c44ca360a14fa4cc12518c3c7b3dc3db600141f5960afa5516ad2e74a06f1b5Big IP's Traffic Management Microkernels (TMM) URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition.
3871783e2fe19713b45a5661f9772f7a4d4281e5f8687d7bb3041ddb2bd1b662Package Control suffers from an arbitrary file write vulnerability.
d829e043ae3215e9a2fc3e3d229f6478a414c15426280fcd8d1c11242690ef75Node version 14.11.0 is vulnerable to a use-after-free bug in its TLS implementation.
1f513e648d5b8f3a7fbacd8992a272057c993baa2d4402fc73136e7984a51276usrsctp suffers from insecure HMAC generation that can lead to out-of-bounds access.
69e92243c6bd41974a900dc98b7a0757d386d20f488d2990c84c93ea121be861usrsctp suffers from a usrsctp pending_reply_queue out-of-bounds access vulnerability.
ea5557c59234c8615d7ded46ca3513dc591370aae707b02618e0d07c3615d064Apache 2 suffers from an issue with concurrent pool usage in the http2 module.
4ec68bf66866cfc8f4895d0ba320c5de4dece24c05a02f8d5fafd3449a9ba771Apache 2 suffers from a memory corruption vulnerability in the mod_http2 push diary implementation.
fac8f451f590f673b91a5fc43c92dbcc4b70a80fdb9922484d3853ac610b2025Github Actions supports a feature called workflow commands that is susceptible to widespread code injection vulnerabilities.
fad674c47b105cfc1035cbe0b4661f311b3d8159fc76033622fa185b205e5785Kubernetes has multiple issues in aws-iam-authenticator where lax controls can lead to a lower security posture.
e9aec083853e55df0de4b8243a5f9b2535fd421f5ca95a63ffa2769b14ec08e5HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker controlled service account.
34f611b87b68b7fd6cab37412c7d4092e8b5a0d5ec0b29df2c510e9bc1a45ab4HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.
b13c4db73c9c1c434d36ca980312a9413268770cfb76417ed250b35bd357b407Apache2 suffers from an incorrect handling of large requests issue in mod_proxy_uwsgi.
a6d25204a474a382b45dc4bcc2aef5cc3b47408552e918aedeac6dce35405571Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.
b404dcfa6d845cbd272f8eca0446855bd9671e0f4684dcd3a059efe2b423226d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed