5314 matches found
CVE-2021-22160
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens JWT, the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user incl. admins...
Code injection
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens JWT, the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user incl. admins...
Code injection
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280...
IBM Security Guardium 加密问题漏洞
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...
RHEL 8 : brotli (RHSA-2021:1702)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1702 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffma...
Use of a Broken or Risky Cryptographic Algorithm in Terraform
When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. Specific Go Packages Affected github.com/hashicorp/terraform/backend/remote-state/azure...
Moderate: Red Hat Security Advisory: brotli security update
An update for brotli is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RLSA-2021:1702 Moderate: brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
Moderate: brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
brotli security update
An update is available for brotli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Brotli is a generic-purpose lossless compression algorithm that compresses dat...
ALSA-2021:1702 Moderate: brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
CVE-2021-32617
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm quadratic complexity was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata int...
CVE-2021-32921
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...
Debian DLA-2657-1 : lz4 security update
It was discovered that there was a potential memory corruption vulnerability in the lz4 compression algorithm library. For Debian 9 'Stretch', this problem has been fixed in version 0.0r131-2+deb9u1. We recommend that you upgrade your lz4 packages. For the detailed security status of lz4 please...
The vulnerability of the Netgear Switch Discovery Protocol (NSDP) implementation in the microprogrammable switching devices NETGEAR ProSAFE Plus JGS516PE and ProSAFE Plus GS116Ev2 allows a perpetrator to increase their privileges.
The vulnerability of the Netgear Switch Discovery Protocol NSDP implementation of the NETGEAR ProSAFE Plus JGS516PE and ProSAFE Plus GS116Ev2 microprogrammable switching devices is related to the use of a hashing algorithm that contains vulnerabilities. Exploiting this vulnerability could allow a...
CVE-2021-1447
CVE-2021-1447 describes a local privilege-escalation in Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) due to a flaw in the password generation algorithm. An authenticated Administrator can exploit this by enabling specific Administrator-only features and connecting to the ap...
CVE-2021-1447 Cisco Content Security Management Appliance Privilege Escalation Vulnerability
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...
Uncontrolled Resource Consumption in urllib3
The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...