Download
| Alert*
oval:org.secpod.oval:def:506710
The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:78392 It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation. oval:org.secpod.oval:def:606108 It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation. oval:org.secpod.oval:def:78424 cyrus-sasl2: Cyrus Simple Authentication and Security Layer Cyrus SASL could run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:506847 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:506709 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:19500127 A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges oval:org.secpod.oval:def:121726 The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. oval:org.secpod.oval:def:1601523 A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges oval:org.secpod.oval:def:121733 The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. oval:org.secpod.oval:def:3300648 SUSE Security Update: Security update for cyrus-sasl oval:org.secpod.oval:def:706321 cyrus-sasl2: Cyrus Simple Authentication and Security Layer Cyrus SASL could run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:4501102 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:1505551 [2.1.23-15.0.1.2] - Escape password for SQL insert/update commands [CVE-2022-24407][Orabug: 33936121] oval:org.secpod.oval:def:2500590 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. oval:org.secpod.oval:def:205946 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:89046051 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:1505463 [2.1.26-24.0.1] - Check against gssapi null pointer [Orabug: 33270138] [2.1.26-24] - Fix for CVE-2022-24407 - Resolves: rhbz#2055842 oval:org.secpod.oval:def:1505462 [2.1.27-6] - Fix for CVE-2022-24407 - Resolves: rhbz#2055846 oval:org.secpod.oval:def:1700866 A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges oval:org.secpod.oval:def:89046024 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:89046069 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:89047411 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . The following non-security bugs were fixed: - postfix: sasl authentication with password fails . oval:org.secpod.oval:def:89046065 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:89995 The remote host is missing a patch 142397-02 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89994 The remote host is missing a patch 142398-02 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2107643 Oracle Solaris 11 - ( CVE-2022-24407 ) oval:org.secpod.oval:def:97605 [CLSA-2022:1646060797] Fixed CVE-2022-24407 in cyrus-sasl |