re2c 缓冲区错误漏洞

re2c is an open source language generator for C and C++. A security vulnerability exists in re2c, which suffers from a stack overflow due to an infinite recursion issue in src/dfa/deadrules.cc...

[SECURITY] Fedora 36 Update: pipenv-2021.5.29-7.fc36

The Python packaging tool that aims to bring the best of all packaging worlds bundler, composer, npm, cargo, yarn, etc. to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages. I...

bouncycastle: Timing issue within the EC math library

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

bouncycastle: Timing issue within the EC math library

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

CVE-2022-26779

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...

Code injection

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...

CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...

[SECURITY] Fedora 34 Update: pipenv-2020.11.15-3.fc34

The Python packaging tool that aims to bring the best of all packaging worlds bundler, composer, npm, cargo, yarn, etc. to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages. I...

bouncycastle: Timing issue within the EC math library

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

Consensus Halt

github.com/cosmos/cosmos-sdk encounters a consensus halt. An attacker with the ability to send transactions on any chain with the authz module enabled can halt that chain using many Grants, with different but close expiration times as it uses non-deterministic behaviour in a ValidateBasic method ...

CVE-2021-41135

The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...

CVE-2021-41135

The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...

CVE-2021-41135 Authz Module Non-Determinism

The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...

Cosmos-SDK 代码问题漏洞

Cosmos-SDK is a framework for building blockchain applications in Golang. Cosmos-SDK suffers from a code issue vulnerability that stems from non-deterministic behavior of the ValidateBasic method in the x/authz module in the software, and affected versions of the SDK are prone to consensus stoppi...

Error on unsupported architectures in raw-cpuid

nativecpuid::cpuidcount exposes the unsafe cpuidcount intrinsic from core::arch::x86 or core::arch::x8664 as a safe function, and uses it internally, without checking the safety requirement: The CPU the program is currently running on supports the function being called. CPUID is available in most...

OPENSUSE-SU-2021:1169-1 Security update for tor

This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch Enable the deterministic RNG for unit tests that covers the...

GHSA-6XX3-RG99-GC3P Timing based private key exposure in Bouncy Castle

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of...

Timing based private key exposure in Bouncy Castle

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of...

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

UBUNTU-CVE-2021-29981

An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox 91 and Thunderbird 91...