5318 matches found

OSV
added 2021/11/02 7:49 a.m. · 27 views

RLSA-2021:4060 Moderate: libsolv security update

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fixes: libsolv: heap-based buffer overflow in pool_installable in src/repo.h (CVE-2021-33928); libsolv: heap-based buffer overflow in pool_disabled_solvable in src/repo.h (CVE-2021-33929)...

CVSS 7.5 · AI score 7.9 · EPSS 0.01462
Exploits 4 · References 5

Tenable Nessus
added 2021/11/02 12:0 a.m. · 39 views

Oracle Linux 7 : binutils (ELSA-2021-4033)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4033 advisory. 2.27-44.base.0.3.1 - Forward-port patches to 2.27-44.base.1 - Reviewed-by: Jose E. Marchesi 2.27-44.base.0.2.1 - Forward-port patches to 2.27-44.base.1 -...

CVSS 8.3 · AI score 7.6 · EPSS 0.12205
Exploits 4 · References 2

The Hacker News
added 2021/11/01 11:25 a.m. · 105 views

New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed "Trojan Source...

CVSS 8.3 · AI score 0.6 · EPSS 0.12205
Exploits 5

Krebs on Security
added 2021/11/01 4:23 a.m. · 87 views

‘Trojan Source’ Bug Threatens the Security of All Code

Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. Th...

CVSS 5.1 · AI score 8.7 · EPSS 0.12205
Exploits 5

NVD
added 2021/11/01 4:15 a.m. · 19 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 · EPSS 0.12205
Exploits 4 · References 18

OSV
added 2021/11/01 4:15 a.m. · 2 views

ALPINE-CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 · AI score 7.2 · EPSS 0.12205
Exploits 4 · References 1

OSV
added 2021/11/01 4:15 a.m. · 2 views

DEBIAN-CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 · AI score 7 · EPSS 0.12205
Exploits 4 · References 1

Prion
added 2021/11/01 4:15 a.m. · 37 views

Design/Logic Flaw

DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by...

CVSS 5.1 · AI score 8.4 · EPSS 0.12205
Exploits 4 · References 18 · Affected Software 3

UbuntuCve
added 2021/11/01 4:15 a.m. · 61 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 · AI score 7 · EPSS 0.12205
Exploits 4 · References 5

OSV
added 2021/11/01 4:15 a.m. · 1 view

UBUNTU-CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 · AI score 6.8 · EPSS 0.12205
Exploits 4 · References 6

Cvelist
added 2021/11/01 12:0 a.m. · 25 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

AI score 8.5 · EPSS 0.12205
Exploits 4 · References 18

Vulnrichment
added 2021/11/01 12:0 a.m. · 23 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

AI score 7.1 · EPSS 0.12205
Exploits 4 · References 18

Positive Technologies
added 2021/11/01 12:0 a.m. · 4 views

PT-2021-4639 · Atlassian +8 · Jira Service Management Server +11

Name of the Vulnerable Software and Affected Versions: Unicode Specification versions prior to 14.0 Jira Service Management affected versions not specified Jira Software affected versions not specified Jira Work Management affected versions not specified Description: The issue is related to the...

CVSS 10 · AI score 7.6 · EPSS 0.12205
Exploits 5 · References 155

CVE
added 2021/11/01 12:0 a.m. · 742 views

CVE-2021-42574

CVE-2021-42574 describes a trojan-source style vulnerability in the Unicode Bidirectional Algorithm up to Unicode 14.0, allowing visual reordering of code tokens via BiDi control characters. Connected advisories confirm public attention across GCC/binutils/toolchains, with mitigations including u...

CVSS 8.3 · AI score 8.4 · EPSS 0.12205
In wild · Exploits 4 · References 18 · Affected Software 1

AlpineLinux
added 2021/11/01 12:0 a.m. · 70 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 · AI score 8.7 · EPSS 0.12205
Exploits 4

NVD
added 2021/10/27 1:15 a.m. · 21 views

CVE-2011-4574

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this...

CVSS 9.8 · EPSS 0.01052
Exploits 0 · References 1

Tenable Nessus
added 2021/10/27 12:0 a.m. · 41 views

NewStart CGSL MAIN 6.02 : nss Multiple Vulnerabilities (NS-SA-2021-0121)

The remote NewStart CGSL host, running version MAIN 6.02, has nss packages installed that are affected by multiple vulnerabilities: - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel...

CVSS 9.1 · AI score 7.2 · EPSS 0.01541
Exploits 0 · References 7

Tenable Nessus
added 2021/10/27 12:0 a.m. · 45 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2021-0156)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by multiple vulnerabilities: - When importing a curve25519 private key in PKCS8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security...

CVSS 10 · AI score 7.7 · EPSS 0.03552
Exploits 1 · References 21

OpenVAS
added 2021/10/26 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2021-2579)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 · AI score 6.2 · EPSS 0.02555
Exploits 3 · References 2

Kitploit
added 2021/10/15 11:30 a.m. · 20 views

Networkit - A Growing Open-Source Toolkit For Large-Scale Network Analysis

NetworKit is an open-source tool suite for high-performance network analysis. Its aim is to provide tools for the analysis of large networks in the size range from thousands to billions of edges. For this purpose, it implements efficient graph algorithms, many of them parallel to utilize multicor...

AI score 7
Exploits 0 · References 10