Monthly
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.