It was discovered that liblasso3-dev, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control.
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and a bypass of restrictions in the Replace Text extension.
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol, does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution.
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentication using variations of a valid user name.
The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca function could result in memory corruption, allowing an attacker to crash systemd and hence the entire operating system. Details can be found in the Qualys advisory at https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
Andrea Fioraldi discovered a buffer overflow in libsndfile, a library for reading/writing audio files, which could result in denial of service or potentially the execution of arbitrary code when processing a malformed audio file.