2683 matches found

CVE · added 2022/08/23 3:52 p.m. · 2325 views

CVE-2021-3827

CVE-2021-3827 concerns Keycloak where the default ECP binding flow can bypass other authentication flows, enabling an attacker to bypass MFA by sending a SOAP AuthnRequest with an Authorization header containing user credentials. Exploitation affects confidentiality and integrity as described in ...

CVSS 6.8 · AI score 6.7 · EPSS 0.00843 · Exploits 0 · References 4 · Affected Software 2

Cvelist · added 2022/08/23 3:52 p.m. · 31 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

AI score 7.1 · EPSS 0.00843 · Exploits 0 · References 4
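Both Keycloak entries above describe the same observable: an ECP-binding login is a SOAP POST to the realm's SAML endpoint that carries the user's password in an HTTP Basic Authorization header, so it never passes through the browser flow where MFA is enforced. The following is an added example, not code from Keycloak or from either advisory, that flags such requests in constructed reverse-proxy log records (JSON, one record per request, with the body captured) and pulls the SAML Issuer out of the SOAP body so the flagged client can be identified. The `/protocol/saml` path suffix, the two SOAP content types and the log field names are assumptions made for this example; adjust them to the deployment being monitored.

```python
import json
from xml.etree import ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Assumptions for this example: ECP requests arrive as SOAP 1.1/1.2 POSTs and the
# SAML endpoint path ends in /protocol/saml. Both are deployment-specific.
SOAP_CONTENT_TYPES = {"text/xml", "application/soap+xml"}
SAML_ENDPOINT_SUFFIX = "/protocol/saml"


def is_ecp_credential_post(rec):
    """True when a record looks like an ECP AuthnRequest carrying user credentials:
    a SOAP POST to the SAML endpoint plus an HTTP Basic Authorization header."""
    media_type = rec.get("content_type", "").split(";", 1)[0].strip().lower()
    authz = rec.get("authorization", "")
    return (
        rec.get("method") == "POST"
        and rec.get("path", "").endswith(SAML_ENDPOINT_SUFFIX)
        and media_type in SOAP_CONTENT_TYPES
        and authz.lower().startswith("basic ")
    )


def authn_request_issuer(body):
    """Return the saml:Issuer of the AuthnRequest inside a SOAP envelope, or None."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    req = root.find(f".//{{{SOAP_NS}}}Body/{{{SAMLP_NS}}}AuthnRequest")
    if req is None:
        return None
    issuer = req.find(f"{{{SAML_NS}}}Issuer")
    return issuer.text.strip() if issuer is not None and issuer.text else None


def find_ecp_attempts(log_lines):
    """Scan JSON log lines and return one finding per ECP credential POST."""
    findings = []
    for line in log_lines:
        rec = json.loads(line)
        if is_ecp_credential_post(rec):
            findings.append({
                "client_ip": rec.get("client_ip"),
                "path": rec.get("path"),
                "issuer": authn_request_issuer(rec.get("body", "")),
            })
    return findings


# Constructed sample input: a normal browser POST binding, an ECP attempt with
# Basic credentials, and a metadata GET. None of this is real traffic.
_ECP_BODY = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_a1" Version="2.0" '
    'IssueInstant="2022-08-23T15:52:00Z">'
    f'<saml:Issuer xmlns:saml="{SAML_NS}">https://sp.example.test/saml/metadata</saml:Issuer>'
    "</samlp:AuthnRequest></soapenv:Body></soapenv:Envelope>"
)
SAMPLE_LOG = [json.dumps(r) for r in (
    {"client_ip": "10.0.0.5", "method": "POST", "path": "/realms/corp/protocol/saml",
     "content_type": "application/x-www-form-urlencoded", "authorization": "",
     "body": "SAMLRequest=...&RelayState=..."},
    {"client_ip": "203.0.113.9", "method": "POST", "path": "/realms/corp/protocol/saml",
     "content_type": "text/xml; charset=utf-8", "authorization": "Basic YWxpY2U6aHVudGVyMg==",
     "body": _ECP_BODY},
    {"client_ip": "10.0.0.7", "method": "GET", "path": "/realms/corp/protocol/saml/descriptor",
     "content_type": "", "authorization": "", "body": ""},
)]

if __name__ == "__main__":
    for finding in find_ecp_attempts(SAMPLE_LOG):
        print(finding)
```

On a patched Keycloak the ECP flow is no longer reachable by default, but the same filter still tells you which service providers were using it and whether anyone is probing the endpoint.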
OSV · added 2022/08/22 3:15 p.m. · 4 views

AZL-10637 CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

CVSS 4.7 · AI score 7.1 · EPSS 0.00302 · Exploits 0 · References 1

OSV · added 2022/08/22 3:15 p.m. · 25 views

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

CVSS 4.7 · AI score 4.8 · EPSS 0.00302 · Exploits 0 · References 5

OSV · added 2022/08/22 3:15 p.m. · 3 views

DEBIAN-CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

CVSS 4.7 · AI score 6.2 · EPSS 0.00302 · Exploits 0 · References 1

Prion · added 2022/08/22 3:15 p.m. · 29 views

Design/Logic Flaw

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

CVSS 1.2 · AI score 5.6 · EPSS 0.00302 · Exploits 0 · References 5 · Affected Software 1

OSV · added 2022/08/22 3:15 p.m. · 1 view

UBUNTU-CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

CVSS 4.7 · AI score 7.1 · EPSS 0.00302 · Exploits 0 · References 3

Cvelist · added 2022/08/22 12:00 a.m. · 23 views

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

AI score 5.1 · EPSS 0.00302 · Exploits 0 · References 5

CVE · added 2022/08/22 12:00 a.m. · 268 views

CVE-2021-3521

CVE-2021-3521 describes a flaw in RPM’s handling of OpenPGP subkeys: binding signatures on subkeys are not checked before import, enabling potential trust of malicious signatures and risking data integrity. Exploitation requires compromising a repository or persuading an administrator to install ...

CVSS 4.7 · AI score 4.7 · EPSS 0.00302 · Exploits 0 · References 5 · Affected Software 1

AlpineLinux · added 2022/08/22 12:00 a.m. · 27 views

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

CVSS 4.7 · AI score 5 · EPSS 0.00302 · Exploits 0

FreeBSD · added 2022/08/22 12:00 a.m. · 36 views

rpm4 -- Multiple Vulnerabilities

rpm project reports: fix intermediate symlinks not verified (CVE-2021-35939); fix subkey binding signatures not checked on PGP public keys (CVE-2021-3521); refactor file and directory operations to use fd-based APIs throughout (CVE-2021-35938)...

CVSS 6.7 · AI score 1.9 · EPSS 0.00491 · Exploits 2
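The CVE-2021-3521 entries above all turn on one check: an OpenPGP subkey is only trustworthy if the binding signature (signature type 0x18) that ties it to the primary key verifies under the primary key, and RPM imported subkeys without performing that verification, so a key block with a foreign subkey appended would be accepted. The following is an added example, not RPM's code or the upstream fix, that builds the RFC 4880 hash input for a v4 subkey binding signature (primary key material, subkey material, the signature's hashed part and the trailer), signs it with a toy RSA key generated in the script, verifies it using nothing but the primary key packet, and then shows that the same binding signature does not verify for a substituted subkey, which is the case an unchecked import lets through. The in-script prime generation, the fixed creation times and the RSA/SHA-256-only handling are simplifications for this example.

```python
import hashlib
import hmac
import random
import struct

# ---- toy RSA, generated in-script so the example runs offline (not for real use) ----
def _is_probable_prime(n, rounds=20):
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def rsa_keygen(bits=1024):
    """Return (n, e, d)."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(digest, k):
    t = _SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# ---- RFC 4880 encoding of the pieces a subkey binding signature covers ----
def _mpi(x):
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def _read_mpi(buf, off):
    nbytes = (struct.unpack(">H", buf[off:off + 2])[0] + 7) // 8
    return int.from_bytes(buf[off + 2:off + 2 + nbytes], "big"), off + 2 + nbytes

def v4_rsa_key_body(n, e, created):
    """Body of a v4 public-key or public-subkey packet: version, time, algo 1 (RSA), MPIs."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(e)

def _key_hash_material(body):
    # Section 5.2.4: a key is hashed as 0x99, two-octet body length, body.
    return b"\x99" + struct.pack(">H", len(body)) + body

def binding_sig_hashed_part(created):
    """Version 4, type 0x18 (subkey binding), RSA, SHA-256, one hashed subpacket (creation time)."""
    subpackets = b"\x05\x02" + struct.pack(">I", created)
    return b"\x04\x18\x01\x08" + struct.pack(">H", len(subpackets)) + subpackets

def binding_sig_digest(primary_body, subkey_body, hashed_part):
    """SHA-256 over primary key, subkey, the signature's hashed part and the v4 trailer."""
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed_part))
    return hashlib.sha256(_key_hash_material(primary_body) + _key_hash_material(subkey_body)
                          + hashed_part + trailer).digest()

def make_subkey_binding(primary_key, primary_body, subkey_body, created):
    """Issue the 0x18 signature with the primary *private* key; returns (hashed_part, sig_int)."""
    n, _, d = primary_key
    hashed = binding_sig_hashed_part(created)
    em = _emsa_pkcs1_v15(binding_sig_digest(primary_body, subkey_body, hashed), (n.bit_length() + 7) // 8)
    return hashed, pow(int.from_bytes(em, "big"), d, n)

def verify_subkey_binding(primary_body, subkey_body, hashed, sig):
    """The check an importer must make: does the binding signature verify under the primary public key?"""
    if primary_body[5] != 1 or hashed[1] != 0x18:     # only RSA / subkey-binding handled here
        return False
    n, off = _read_mpi(primary_body, 6)
    e, _ = _read_mpi(primary_body, off)
    k = (n.bit_length() + 7) // 8
    if not 0 < sig < n:
        return False
    em = pow(sig, e, n).to_bytes(k, "big")
    expected = _emsa_pkcs1_v15(binding_sig_digest(primary_body, subkey_body, hashed), k)
    return hmac.compare_digest(em, expected)

def demo(bits=1024):
    """Genuine subkey verifies; an attacker's substituted subkey with the same signature does not."""
    primary, sub, evil = rsa_keygen(bits), rsa_keygen(bits), rsa_keygen(bits)
    p_body = v4_rsa_key_body(primary[0], primary[1], 1_600_000_000)
    s_body = v4_rsa_key_body(sub[0], sub[1], 1_600_000_100)
    hashed, sig = make_subkey_binding(primary, p_body, s_body, 1_600_000_100)
    genuine_ok = verify_subkey_binding(p_body, s_body, hashed, sig)
    e_body = v4_rsa_key_body(evil[0], evil[1], 1_600_000_100)   # attacker's key, same signature reused
    substituted_ok = verify_subkey_binding(p_body, e_body, hashed, sig)
    return genuine_ok, substituted_ok

if __name__ == "__main__":
    print(demo())
```

The point of the second verification call is the one the advisories make: the binding signature hashes both key packets, so a subkey that was not signed by the primary key owner can only pass if the importer never recomputes that hash.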
OSV · added 2022/08/17 5:26 p.m. · 10 views

CLSA-2022-1660757175 Fixed 15 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

CVSS 9.8 · AI score 7.2 · EPSS 0.33936 · Exploits 3 · References 1

Positive Technologies · added 2022/08/12 12:00 a.m. · 4 views

PT-2022-23972 · Yugabyte +1 · Yugabytedb +1

Name of the Vulnerable Software and Affected Versions: YugabyteDB version 2.6.1 Description: An issue was discovered when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. If anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an...

CVSS 9.8 · AI score 9.6 · EPSS 0.00766 · Exploits 0 · References 3

Gentoo Linux · added 2022/08/10 12:00 a.m. · 98 views

lxml: Multiple Vulnerabilities

Background lxml is a Pythonic binding for the libxml2 and libxslt libraries. Description Multiple vulnerabilities have been discovered in lxml. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...

CVSS 8.2 · AI score 2.4 · EPSS 0.04002 · Exploits 2

Citrix · added 2022/08/09 12:00 a.m. · 5 views

Certificate Binding lost after upgrade.

Certificate bindings are lost from SSL virtual servers after a reboot or upgrade. The certificates themselves may not be lost; it is the certificate installation that is lost, which in turn drops the bindings...

AI score 7 · Exploits 0

Citrix · added 2022/08/09 12:00 a.m. · 5 views

Storefront monitor is down

The customer referred to https://docs.citrix.com/en-us/citrix-adc/current-release/load-balancing/load-balancing-builtin-monitors/monitor-citrix-sf-services.html to configure a user monitor for the StoreFront service probe, but the StoreFront service is shown as down; if a TCP monitor is bound to the StoreFront service instead, ...

AI score 7.1 · Exploits 0

Kitploit · added 2022/08/01 12:30 p.m. · 38 views

SilentHound - Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation (using pipenv, the recommended method): sudo python3 -m pip install --user pipenv; git clone https://github.com/layer8secure/SilentHound.git; cd silenthound...

AI score 7.3 · Exploits 0 · References 3

OSV · added 2022/07/26 2:07 p.m. · 5 views

USN-5532-2 python-bottle vulnerability

USN-5532-1 fixed a vulnerability in Bottle. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM Original advisory details: It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclo...

CVSS 9.8 · AI score 7.1 · EPSS 0.01869 · Exploits 0 · References 2

OSV · added 2022/07/26 8:05 a.m. · 1 view

USN-5532-1 python-bottle vulnerability

It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. CVE-2022-31799...

CVSS 9.8 · AI score 7.1 · EPSS 0.01869 · Exploits 0 · References 2

OSV · added 2022/07/21 9:38 p.m. · 2 views

GHSA-6RH6-X8WW-9H97 Grails framework Remote Code Execution via Data Binding

Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. Patches Grails framewor...

CVSS 9.8 · AI score 5.8 · EPSS 0.01712 · Exploits 0 · References 6