An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if...
CVSS: 9.8, AI Score: 9.3, EPSS: 0.002
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
CVSS: 8.1, AI Score: 7.7, EPSS: 0.002
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE...
CVSS: 8.8, AI Score: 9, EPSS: 0.003