
2681 matches found

Prion
added 2022/03/02 11:15 p.m. | 6 views

Design/Logic Flaw

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

5 CVSS | 7.3 AI score | 0.01503 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/03/02 11:15 p.m. | 0 views

UBUNTU-CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

7.5 CVSS | 7.1 AI score | 0.01503 EPSS
Exploits 0 | References 3
CVE
added 2022/03/02 10:23 p.m. | 75 views

CVE-2021-4076

CVE-2021-4076 describes a vulnerability in tang, a network-based cryptographic binding server, where a flaw could lead to leakage of private keys. The entry is supported by multiple sources in the provided corpus, including NVD data (CVE-2021-4076) and Nessus references noting tang-11-1.el9 on Ce...

7.5 CVSS | 7.2 AI score | 0.01503 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/02/25 3:15 p.m. | 3 views

CVE-2021-45977

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC used as...

9.8 CVSS | 5.8 AI score | 0.01041 EPSS
Exploits 0 | References 2
Prion
added 2022/02/25 3:15 p.m. | 21 views

Design/Logic Flaw

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC used as...

7.5 CVSS | 9.4 AI score | 0.01041 EPSS
Exploits 0 | References 2 | Affected Software 7
CISA
added 2022/02/25 12:0 a.m. | 124 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types a...

9.3 CVSS | 1.1 AI score | 0.89889 EPSS
Exploits 27 | References 5
Tenable Nessus
added 2022/02/25 12:0 a.m. | 47 views

EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1234)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

4.7 CVSS | 6.4 AI score | 0.00302 EPSS
Exploits 0 | References 2
RedHat Linux
added 2022/02/22 3:59 p.m. | 3 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

4.7 CVSS | 7.1 AI score | 0.00302 EPSS
Exploits 0 | References 4
RedHat Linux
added 2022/02/22 3:59 p.m. | 71 views

Moderate: Red Hat Security Advisory: rpm security update

An update for rpm is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

4.7 CVSS | 6.7 AI score | 0.00302 EPSS
Exploits 0 | References 2
CNVD
added 2022/02/18 12:0 a.m. | 19 views

Google TensorFlow code issue vulnerability (CNVD-2022-14996)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow is vulnerable to a code issue that stems from an undefined behavior in the QuantizedMaxPool implementation, where user-controlled input can trigger a reference binding to a null...

6.5 CVSS | 2 AI score | 0.00771 EPSS
Exploits 1 | References 1
OSV
added 2022/02/14 8:16 p.m. | 3 views

CLSA-2022-1644869807 Fix of CVE: CVE-2021-3521, CVE-2021-20266

CVE-2021-20266: missing length checks in hdrblobInit - CVE-2021-3521: RPM does not require subkeys to have a valid binding signature - Address important covscan issues 1996665, 2022537...

4.9 CVSS | 6.8 AI score | 0.01754 EPSS
Exploits 0 | References 1
OSV
added 2022/02/14 8:10 p.m. | 3 views

CLSA-2022-1644869406 Fix of CVE: CVE-2021-3521

CVE-2021-3521: RPM does not require subkeys to have a valid binding signature...

4.7 CVSS | 6.8 AI score | 0.00302 EPSS
Exploits 0 | References 1
RedHat Linux
added 2022/02/14 1:6 p.m. | 1 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5 CVSS | 7.7 AI score | 0.04774 EPSS
Exploits 1 | References 5
Veracode
added 2022/02/12 12:41 a.m. | 25 views

Privilege Escalation

keycloak is vulnerable to privilege escalation. The vulnerability exists due to a flaw in the default ECP binding flow which allows other authentication flows to be bypassed...

6.8 CVSS | 4 AI score | 0.00843 EPSS
Exploits 0 | References 7 | Affected Software 1
CISA
added 2022/02/11 12:0 a.m. | 41 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and po...

6.8 CVSS | 2.1 AI score | 0.16342 EPSS
Exploits 0 | References 5
Prion
added 2022/02/03 2:15 p.m. | 17 views

Null pointer dereference

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

4 CVSS | 6.6 AI score | 0.00771 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2022/02/03 1:13 p.m. | 28 views

CVE-2022-21739 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

6.5 CVSS | 6.6 AI score | 0.00771 EPSS
Exploits 1 | References 3
Snyk
added 2022/02/03 6:1 a.m. | 2 views

Denial of Service (DoS)

Overview: pg-native is a high performance native bindings between node.js and PostgreSQL via libpq with a simple API. Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array...

7.5 CVSS | 7 AI score | 0.01244 EPSS
Exploits 1 | References 2
Oracle linux
added 2022/02/02 12:0 a.m. | 41 views

rpm security update

4.14.3-19.2 - Address covscan issues in binding sigs validation patch 2022537 4.14.3-19.1 - Validate and require subkey binding sigs on PGP pubkeys 2022537 - Fixes CVE-2021-3521...

1.1 AI score | 0.00302 EPSS
Exploits 0
RedHat Linux
added 2022/02/01 9:4 p.m. | 4 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

4.7 CVSS | 7.1 AI score | 0.00302 EPSS
Exploits 0 | References 4