Sasl Security Vulnerabilities

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if...

CVSS 9.8 | AI Score 9.3 | EPSS 0.002

2022-12-31 01:15 AM

CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

CVSS 8.1 | AI Score 7.7 | EPSS 0.002

2022-07-19 04:15 PM

CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE...

CVSS 8.8 | AI Score 9 | EPSS 0.003

2022-02-24 03:15 PM