
2678 matches found

OSV
added 2021/11/12 11:3 a.m., 1 views

OESA-2021-1431 rpm security update

The RPM Package Manager RPM is a powerful package management system capability as below Security Fixes: The OpenPGP subkey is associated with the master key through a binding signature. RPM will not check their binding signature before importing the subkey; if the attacker can add it or the other...

CVSS: 4.7, AI score: 6.8, EPSS: 0.00302
Exploits: 0, References: 2

OpenVAS
added 2021/11/11 12:0 a.m., 21 views

Mozilla Firefox Security Advisory (MFSA2014-02) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS: 7.5, AI score: 8.7, EPSS: 0.04602
Exploits: 1, References: 3

RedHat Linux
added 2021/10/25 6:54 a.m., 2 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

CVSS: 8.5, AI score: 7.7, EPSS: 0.04774
Exploits: 1, References: 5

RedHat Linux
added 2021/10/25 6:54 a.m., 0 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

CVSS: 8.5, AI score: 7.7, EPSS: 0.04098
Exploits: 0, References: 5

RedHat Linux
added 2021/10/20 11:29 a.m., 2 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS: 5.3, AI score: 7, EPSS: 0.01439
Exploits: 0, References: 4

RedhatCVE
added 2021/09/29 3:51 p.m., 74 views

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

CVSS: 4.7, AI score: 1, EPSS: 0.00302
Exploits: 0, References: 3

RedhatCVE
added 2021/09/24 7:13 a.m., 61 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

CVSS: 6.8, AI score: 3, EPSS: 0.00843
Exploits: 0, References: 4

Exploit DB
added 2021/09/13 12:0 a.m., 285 views

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection

Exploit Title: Apartment Visitor Management System AVMS 1.0 - 'username' SQL Injection Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

AI score: 7.4
Exploits: 0

OSV
added 2021/08/30 4:22 p.m., 18 views

GHSA-6GVC-4JVJ-PWQ4 Duplicate Advisory: Use after free in libpulse-binding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f56g-chqp-22m9. This link is maintained to preserve external references. Original Description An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00988
Exploits: 1, References: 4

Github Security Blog
added 2021/08/30 4:22 p.m., 25 views

Duplicate Advisory: Use after free in libpulse-binding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f56g-chqp-22m9. This link is maintained to preserve external references. Original Description An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00988
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/08/25 8:57 p.m., 16 views

GHSA-WCXC-JF6C-8RX9 Duplicate Advisory: Uncaught Exception in libpulse-binding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xvcg-2q82-r87j. This link is maintained to preserve external references. Original Description Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01177
Exploits: 0, References: 3

Github Security Blog
added 2021/08/25 8:57 p.m., 13 views

Duplicate Advisory: Uncaught Exception in libpulse-binding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xvcg-2q82-r87j. This link is maintained to preserve external references. Original Description Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB...

AI score: 5.3
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2021/08/25 8:56 p.m., 16 views

GHSA-GHPQ-VJXW-CH5W Use after free in libpulse-binding

Overview Version 1.2.1 of the libpulse-binding Rust crate, released on the 15th of June 2018, fixed a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important...

CVSS: 7.5, AI score: 7.6, EPSS: 0.01328
Exploits: 0, References: 3

Github Security Blog
added 2021/08/25 8:56 p.m., 11 views

Use after free in libpulse-binding

Overview Version 1.2.1 of the libpulse-binding Rust crate, released on the 15th of June 2018, fixed a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important...

AI score: 2
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2021/08/25 2:42 p.m., 44 views

Reference binding to nullptr in `MatrixDiagV*` ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV: python import tensorflow as tf tf.rawops.MatrixDiagV3 diagonal=1,0, k=, numrows=1,2,3, numcols=4,5, paddingvalue=, align='RIGHTRIGHT' The implementation has...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00167
Exploits: 0, References: 7, Affected Software: 3

OSV
added 2021/08/25 2:42 p.m., 1 views

GHSA-6P5R-G9MQ-GGH2 Reference binding to nullptr in `MatrixSetDiagV*` ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV: python import tensorflow as tf tf.rawops.MatrixSetDiagV3 input=1,2,3, diagonal=1,1, k=, align='RIGHTLEFT' The implementation has incomplete validation that t...

CVSS: 7.1, AI score: 6.4, EPSS: 0.00167
Exploits: 0, References: 7

Github Security Blog
added 2021/08/25 2:42 p.m., 31 views

Reference binding to nullptr and heap OOB in binary cwise ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting e.g., gradients of binary cwise operations: python import tensorflow as tf tf.rawops.SqrtGrady=4, 16,dy= The implementation assumes that the two...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00176
Exploits: 0, References: 7, Affected Software: 3

OSV
added 2021/08/25 2:42 p.m., 0 views

GHSA-W4XF-2PQW-5MQ7 Reference binding to nullptr in `RaggedTensorToVariant`

Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant: python import tensorflow as tf tf.rawops.RaggedTensorToVariant rtnestedsplits=, rtdensevalues=1,2,3, batchedinput=True The implementation has an incomplete validation of the...

CVSS: 8.5, AI score: 6.4, EPSS: 0.00173
Exploits: 0, References: 7

OSV
added 2021/08/25 2:42 p.m., 0 views

GHSA-W74J-V8XH-3W5H Reference binding to nullptr in unicode encoding

Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode: python import tensorflow as tf from tensorflow.python.ops import genstringops genstringops.unicodeencode inputvalues=, inputsplits=, outputencoding='UTF-8', errors='ignore',...

CVSS: 8.5, AI score: 6.4, EPSS: 0.00173
Exploits: 0, References: 7

OSV
added 2021/08/25 2:41 p.m., 1 views

GHSA-QR82-2C78-4M8H Reference binding to nullptr in map operations

Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations: python import tensorflow as tf tf.rawops.MapPeek key=tf.constant8,dtype=tf.int64, indices=, dtypes=tf.int32, capacity=8, memorylimit=128 The implementation...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00173
Exploits: 0, References: 7