[SECURITY] Fedora 35 Update: libsolv-0.7.21-1.fc35

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: - Using a dictionary approach to store and retrieve package and dependency information. - Using satisfiability, a well known and researched topic, for resolving package...

CVE-2021-42951

A Remote Code Execution RCE vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm...

EulerOS 2.0 SP5 : binutils (EulerOS-SA-2022-1262)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characte...

CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

DEBIAN-CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

UBUNTU-CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

wolfSSL 信任管理问题漏洞

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL versions prior to 5.2.0, which stems from an application attempting to authenticate a TLS 1.3 client to a...

Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat APT with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency NSA. Dubbed "Bvp47" owing to numerous...

Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's...

CVE-2016-20013

CVE-2016-20013 refers to sha256crypt and sha512crypt up to version 0.6, where the runtime grows with the square of the password length, enabling denial-of-service CPU exhaustion. The Connected IBM X-Force bulletin confirms CVE-2016-20013 with a base score of 7.5 (C3.0) and an availability impact ...

CVE-2022-21800

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

Design/Logic Flaw

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

CVE-2022-21800 Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

CVE-2022-21800 Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

CVE-2022-21800

CVE-2022-21800 affects Airspan/MMP family: MMP <1.0.3, PTP C-series <2.8.6.1, PTMP C-series/A5x

[SECURITY] Fedora 35 Update: zziplib-0.13.72-1.fc35

The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the free subset of compression with the zlib...

[SECURITY] Fedora 34 Update: zziplib-0.13.72-1.fc34

The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the free subset of compression with the zlib...

GO-2022-0646 CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

GHSA-7F33-F4F5-XWGW In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...