Lucene search

96 matches found

Code423n4
added 2023/03/20 12:0 a.m., 4 views

Implementation error in Namespace.fuse() leads to a wrong unicode representation

Lines of code. Vulnerability details. Impact: The font class of a tile will always be considered as 0 emoji when a user registers a name. Proof of Concept: To register a name, fuse is used, taking as input the data of the characters. The name to register is a string created by converting the character...

AI score 6.8
Exploits 0

CNNVD
added 2022/08/06 12:0 a.m., 3 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability previously existed in Google Chrome version 99.0.4844.51, which stemmed from an improper implementation in Blink...

CVSS 6.5, AI score 6.4, EPSS 0.00208
Exploits 1, References 4

Veracode
added 2022/07/18 12:41 a.m., 26 views

Denial Of Service (DoS)

wolfssl is vulnerable to denial of service. The vulnerability exists due to an implementation error in DTLS, allowing an attacker to crash the application...

CVSS 7.5, AI score 7, EPSS 0.00956
Exploits 0, References 3, Affected Software 1

CVE
added 2022/06/27 11:20 p.m., 79 views

CVE-2022-31104

CVE-2022-31104 concerns Wasmtime’s x86_64 SIMD implementation. Two Cranelift lowering bugs affected i8x16.swizzle and select for v128 inputs: swizzle overwrote the mask input register, potentially corrupting a constant; and select incorrectly handled 128‑bit vectors when the condition was 0, movi...

CVSS 6.8, AI score 5.6, EPSS 0.02098
Exploits 0, References 6, Affected Software 2

CNVD
added 2022/06/15 12:0 a.m., 14 views

Siemens SINEMA Remote Connect Server Standard Security Check Implementation Error Vulnerability

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

CVSS 4.3, AI score 1.7, EPSS 0.00177
Exploits 0, References 1

CNVD
added 2022/06/15 12:0 a.m., 18 views

Siemens SINEMA Remote Connect Server Standard Security Check Implementation Error Vulnerability (CNVD-2022-45210)

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

CVSS 4.3, AI score 1.8, EPSS 0.00177
Exploits 0, References 1

Github Security Blog
added 2022/03/18 11:10 p.m., 43 views

Improper Verification of Cryptographic Signature in node-forge

Impact: RSA PKCS1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches: The issue has been...

CVSS 7.5, AI score 2.8, EPSS 0.00144
Exploits 0, References 5, Affected Software 1

OSV
added 2022/03/18 11:10 p.m., 58 views

GHSA-X4JG-MJRX-434G Improper Verification of Cryptographic Signature in node-forge

Impact: RSA PKCS1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches: The issue has been...

CVSS 7.5, AI score 7.5, EPSS 0.00144
Exploits 0, References 5

OSV
added 2022/03/18 11:9 p.m., 175 views

GHSA-CFM4-QJH2-4765 Improper Verification of Cryptographic Signature in node-forge

Impact: RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses an unchecked portion of the PKCS1 encoded message to forge a signature when a low public exponent is being used. Patches: The...

CVSS 7.5, AI score 7.4, EPSS 0.0018
Exploits 0, References 5

Github Security Blog
added 2022/03/18 11:9 p.m., 26 views

Improper Verification of Cryptographic Signature in node-forge

Impact: RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses an unchecked portion of the PKCS1 encoded message to forge a signature when a low public exponent is being used. Patches: The...

CVSS 7.5, AI score 2.2, EPSS 0.0018
Exploits 0, References 5, Affected Software 1

CNVD
added 2021/10/31 12:0 a.m., 10 views

Unspecified vulnerability in Linux kernel (CNVD-2021-84584)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel powerpc prior to version 5.14.15, which stems from an implementation error in arch/powerpc/kvm/book3s_hv_rmhandlers when handling...

CVSS 5.5, AI score 6.5, EPSS 0.00023
Exploits 0, References 1

Prion
added 2021/07/09 7:15 p.m., 6 views

Design/Logic Flaw

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...

CVSS 7.5, AI score 9.4, EPSS 0.00171
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2021/06/09 12:0 a.m., 16 views

SUSE: Security Advisory (SUSE-SU-2019:0678-1)

The remote host is missing an update for the...

CVSS 7.4, AI score 7.6, EPSS 0.03184
Exploits 0, References 2

OSV
added 2021/05/01 12:0 p.m., 103 views

RUSTSEC-2021-0056 CA certificate check bypass with X509_V_FLAG_X509_STRICT

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

CVSS 7.4, AI score 7.5, EPSS 0.00504
Exploits 0, References 3

Tenable Nessus
added 2021/04/29 12:0 a.m., 184 views

Debian DSA-4906-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue. - CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions. - CVE-2021-21203 asnine discovered a use-after-free issue in...

CVSS 9.6, AI score 8.2, EPSS 0.42536
Exploits 1, References 51

OpenVAS
added 2021/04/19 12:0 a.m., 16 views

SUSE: Security Advisory (SUSE-SU-2019:0787-1)

The remote host is missing an update for the...

CVSS 7.4, AI score 6.5, EPSS 0.03184
Exploits 0, References 4

OpenVAS
added 2021/04/08 12:0 a.m., 29 views

Debian: Security Advisory (DSA-4886-1)

The remote host is missing an update for the Debian...

CVSS 8.8, AI score 8, EPSS 0.37976
Exploits 27, References 6

Prion
added 2021/03/11 3:15 a.m., 12 views

Authentication flaw

Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the allow_missing requirement under...

CVSS 6.4, AI score 8.2, EPSS 0.00421
Exploits 0, References 3, Affected Software 1

OpenVAS
added 2021/02/09 12:0 a.m., 19 views

Debian: Security Advisory (DSA-4846-1)

The remote host is missing an update for the Debian...

CVSS 9.6, AI score 7.3, EPSS 0.25876
Exploits 4, References 4

Debian
added 2021/02/07 7:7 p.m., 46 views

[SECURITY] [DSA 4846-1] chromium security update

Debian Security Advisory DSA-4846-1, [email protected], https://www.debian.org/security/, Michael Gilbert, February 07, 2021, https://www.debian.org/security/faq ...

CVSS 6.9, AI score 0.7, EPSS 0.25876
Exploits 4